redline | ac123d2ff7527afeebb9a173f9553bf6156ef680f0908671dae33e65e66cdb36 | Triage

Submit
Reports

Overview

overview

Static

static

a23d1f07df...ad.exe

windows7-x64

a23d1f07df...ad.exe

windows10-2004-x64

Sharing

General

Target

a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe
Size

300KB
Sample

240629-mzjapswcpb
MD5

e72e8c06df6b9911fd7690b86368b50e
SHA1

4325165d7737535b7977ce709b5e5f0e30a8e599
SHA256

ac123d2ff7527afeebb9a173f9553bf6156ef680f0908671dae33e65e66cdb36
SHA512

82682602b32008f6ca24d8721667bd17d9c2e4c9a95ed84358a9514a4a07ce675aee53d65cd49ea901ec87dc574220d4744e207fa92080fb42e5f9ae9c67c0e9
SSDEEP

3072:+cZqf7D34/p/0+mAqky4kBQIgnzB1fA0PuTVAtkxz83RQeqiOL2bBOA:+cZqf7DIRn0mrB1fA0GTV8kewL

Score

10^/10

redline foz discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe

Resource

win7-20240221-en

redline foz discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe

Resource

win10v2004-20240508-en

redline foz infostealer

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

foz

C2

147.45.45.3:1912

Targets

- Target
  
  a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe
- Size
  
  300KB
- MD5
  
  e72e8c06df6b9911fd7690b86368b50e
- SHA1
  
  4325165d7737535b7977ce709b5e5f0e30a8e599
- SHA256
  
  ac123d2ff7527afeebb9a173f9553bf6156ef680f0908671dae33e65e66cdb36
- SHA512
  
  82682602b32008f6ca24d8721667bd17d9c2e4c9a95ed84358a9514a4a07ce675aee53d65cd49ea901ec87dc574220d4744e207fa92080fb42e5f9ae9c67c0e9
- SSDEEP
  
  3072:+cZqf7D34/p/0+mAqky4kBQIgnzB1fA0PuTVAtkxz83RQeqiOL2bBOA:+cZqf7DIRn0mrB1fA0GTV8kewL
Score

10^/10

redline foz discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinefozdiscoveryinfostealerspywarestealer

behavioral2

redlinefozinfostealer

© 2018-2024

Terms | Privacy