redline

Sharing

Copy URL

Twitter E-mail

General

Target

excellent.rar
Size

8.2MB
Sample

240628-wqwdca1dnl
MD5

74390a2247fd11601ddbe918121b2a2a
SHA1

67986feefd597389e1fc1d8386af318100f446a2
SHA256

0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de
SHA512

05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f
SSDEEP

196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

6627938439_99

https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac

Targets

- Target
  
  excellent.rar
- Size
  
  8.2MB
- MD5
  
  74390a2247fd11601ddbe918121b2a2a
- SHA1
  
  67986feefd597389e1fc1d8386af318100f446a2
- SHA256
  
  0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de
- SHA512
  
  05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f
- SSDEEP
  
  196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd
Score

10^/10

redline 6627938439_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  excellent.exe
- Size
  
  296KB
- MD5
  
  efad4f96f696391769ef9944978dbb3b
- SHA1
  
  42ad30f7af140544eaeb8cc32d8fe5568aca8944
- SHA256
  
  26e9f0c78dde027c60eeacca5852a8f08853c440048ae45cbb054fd12e0cddd2
- SHA512
  
  427b793cd433be1251d8348a5d788ff4c927c5c78c6d2ad15a5de4de64f57e1c0182534d180de388734e28a4563f1b92fc30f1365356bd2fe6546beaf6da9da4
- SSDEEP
  
  6144:KL4miZW6NAIn7RMWhrWzMCx5T2exIT4tifYfcDVn0Q0+A9b/pcvEV:KEI5I7XCMCx5T2exIT4tifYfcDVn0Q0n
Score

10^/10

redline 6627938439_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  libGLESv2.dll
- Size
  
  6.8MB
- MD5
  
  90ad3c47740fce98015444d1289af9b9
- SHA1
  
  0135a04b2b590e1647e3a2b123596d62d57fece0
- SHA256
  
  2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1
- SHA512
  
  40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e
- SSDEEP
  
  98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim
Score

1^/10
behavioral5 behavioral6
- Target
  
  updater.ini
- Size
  
  3.6MB
- MD5
  
  971543b2412541a890ec173524db2ccf
- SHA1
  
  0e49b25e0dc320a85d3c11908a444779695501f5
- SHA256
  
  2096cacb59cb1bcf9605e4d6897e02007e06f2cf1ace4cda961c0ae2b57fc8aa
- SHA512
  
  bf1c9677f32c24a64d058f6d42f4d65c5d52c94777513b3f7793e62fb974209891881d0d437aeba20a75d4aac1096e1205baa631d98e038ade5f42500e752bed
- SSDEEP
  
  49152:dD6v+il2pVC/GDm70+mdGJ4B6YtYAgbMKl4wRd0:9S6Vaem7EdGSfhgbMKl4F
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

RedLine

RedLine payload

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8