redline | 95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b | Triage

Submit
Reports

Overview

overview

Static

static

3

95342506ae...cs.exe

windows7-x64

3

95342506ae...cs.exe

windows10-2004-x64

Sharing

General

Target

95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b_NeikiAnalytics.exe
Size

158KB
Sample

240628-nd85nswglc
MD5

9946e148b483ec9ffbaa721c4ba7d2a0
SHA1

768e539ccade7b6baa9df2f36590ac8a3d7105c6
SHA256

95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b
SHA512

f1832200c7896f997a6e4c35e4130ab4eb81d10fcabc9dd643cfea6e30dfcfe6da4962dc41ef9f80497fa531cb8a32dc4c5c507640162d913fbcb8f55afbe04c
SSDEEP

3072:3RTddwY0JwsR4TbswYqkX5bEdGDOjESHhddJWjjY/ffIg0ju2UBsDMmYTddwY0Je:3BIMT7

Score

10^/10

redline infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b_NeikiAnalytics.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

redline infostealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b_NeikiAnalytics.exe
- Size
  
  158KB
- MD5
  
  9946e148b483ec9ffbaa721c4ba7d2a0
- SHA1
  
  768e539ccade7b6baa9df2f36590ac8a3d7105c6
- SHA256
  
  95342506ae387147159242d5efdb3ea052e75dcaeae043cdd5fef423839eb07b
- SHA512
  
  f1832200c7896f997a6e4c35e4130ab4eb81d10fcabc9dd643cfea6e30dfcfe6da4962dc41ef9f80497fa531cb8a32dc4c5c507640162d913fbcb8f55afbe04c
- SSDEEP
  
  3072:3RTddwY0JwsR4TbswYqkX5bEdGDOjESHhddJWjjY/ffIg0ju2UBsDMmYTddwY0Je:3BIMT7
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy