redline | c7383b039d569cc256026d6b7985bb763f36530708bca3e4f82fa130d2d7dfbb | Triage

Submit
Reports

Overview

overview

Static

static

3

Aura.exe

windows7-x64

3

Aura.exe

windows10-2004-x64

Resubmissions

29-06-2024 09:31

240629-lg563sxglj 10

29-06-2024 09:28

240629-lfeyhaxfrk 10

29-06-2024 09:23

240629-lcqktsxfmk 10

Sharing

General

Target

Aura.exe
Size

493KB
Sample

240629-lcqktsxfmk
MD5

7e7b8be8a1f1ef05c932ea1e8eab6590
SHA1

f790227a5148d6cba037c24643306f330c6fe5f4
SHA256

c7383b039d569cc256026d6b7985bb763f36530708bca3e4f82fa130d2d7dfbb
SHA512

c57fc80bf97309ca887c88526fc586b080d47c4f2ebe611d40f94f48c0af2b7c56cec19f0379a5bc27bd6a0e2f75bdb7953c05bcc1069633812bbd22649ef890
SSDEEP

12288:qGlz1vS9p1+kOwILHmKfZcBg688m/Iezfihoto8:qyNSgJqBg6NmAeehn

Score

10^/10

redline @hitok4111 discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Aura.exe

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Aura.exe

Resource

win10v2004-20240508-en

redline @hitok4111 discovery infostealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@hitok4111

C2

94.228.166.68:80

Targets

- Target
  
  Aura.exe
- Size
  
  493KB
- MD5
  
  7e7b8be8a1f1ef05c932ea1e8eab6590
- SHA1
  
  f790227a5148d6cba037c24643306f330c6fe5f4
- SHA256
  
  c7383b039d569cc256026d6b7985bb763f36530708bca3e4f82fa130d2d7dfbb
- SHA512
  
  c57fc80bf97309ca887c88526fc586b080d47c4f2ebe611d40f94f48c0af2b7c56cec19f0379a5bc27bd6a0e2f75bdb7953c05bcc1069633812bbd22649ef890
- SSDEEP
  
  12288:qGlz1vS9p1+kOwILHmKfZcBg688m/Iezfihoto8:qyNSgJqBg6NmAeehn
Score

10^/10

redline @hitok4111 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redline@hitok4111discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy