redline | bf95b0ad273aa3449838a2a61bd14cc9efbd129bc183c7540a1baa9caa73ea1c | Triage

Submit
Reports

Overview

overview

Static

static

3

203.exe

windows11-21h2-x64

Sharing

General

Target

203.exe
Size

323KB
Sample

240628-p7qqvstdll
MD5

42c8f8858523804d81a52b2ab0b6a061
SHA1

ddf8c7b6383d162f86d741afa7ada13ebed07364
SHA256

bf95b0ad273aa3449838a2a61bd14cc9efbd129bc183c7540a1baa9caa73ea1c
SHA512

9b75b6f856569ee3f99ad5d0def6d6319863bd577986e0a4dcdbc733f2de6d9eeaf0e26238192fc9d0697b1d277d909ff7f483314cedb38a9a51b997e5dbec58
SSDEEP

6144:O5uz/AtXTz0e0MR0TxuB3Ly2zScKh1BbCa5W8nKsZwUY:O5wAtXTz0VdgScKhr6r

Score

10^/10

redline 5195552529 discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

203.exe

Resource

win11-20240611-en

redline 5195552529 discovery infostealer spyware stealer

windows11-21h2-x64

10 signatures

600 seconds

Malware Config

Extracted

Family

redline

Botnet

5195552529

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

- Target
  
  203.exe
- Size
  
  323KB
- MD5
  
  42c8f8858523804d81a52b2ab0b6a061
- SHA1
  
  ddf8c7b6383d162f86d741afa7ada13ebed07364
- SHA256
  
  bf95b0ad273aa3449838a2a61bd14cc9efbd129bc183c7540a1baa9caa73ea1c
- SHA512
  
  9b75b6f856569ee3f99ad5d0def6d6319863bd577986e0a4dcdbc733f2de6d9eeaf0e26238192fc9d0697b1d277d909ff7f483314cedb38a9a51b997e5dbec58
- SSDEEP
  
  6144:O5uz/AtXTz0e0MR0TxuB3Ly2zScKh1BbCa5W8nKsZwUY:O5wAtXTz0VdgScKhr6r
Score

10^/10

redline 5195552529 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline5195552529discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy