redline | 544df7e0b35c825673c785c27e0bdda1f4559e4f3cef72615108d24f15ffbd58 | Triage

Submit
Reports

Overview

overview

Static

static

1

Updated-Ve...7.html

windows10-1703-x64

Sharing

General

Target

Updated-Ver-v319-04-27
Size

7KB
Sample

240630-1d5tgawdre
MD5

daef02f6b1316ad0e05d17060f1490cc
SHA1

31c445c775a89734e75f93f4614dbdc5d7afd59b
SHA256

544df7e0b35c825673c785c27e0bdda1f4559e4f3cef72615108d24f15ffbd58
SHA512

cb63884b1f8d4815b614e2d68eba192199f5021a2d64c536ff514a8fdbeca0d928cc45013da3d9c00fc3c45b0154d4e8aad0034f9c4894859d0b65d6f81202e5
SSDEEP

96:3suWziM8mMAfjmZ/r4N/PJjeIJumKF95RZjieojwXZkDpkqP18Gmf:ut7m5WJjeeu1hkrWf

Score

10^/10

redline @hersgorid discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Updated-Ver-v319-04-27.html

Resource

win10-20240404-en

redline @hersgorid discovery infostealer spyware stealer

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@hersgorid

C2

94.228.166.68:80

Targets

- Target
  
  Updated-Ver-v319-04-27
- Size
  
  7KB
- MD5
  
  daef02f6b1316ad0e05d17060f1490cc
- SHA1
  
  31c445c775a89734e75f93f4614dbdc5d7afd59b
- SHA256
  
  544df7e0b35c825673c785c27e0bdda1f4559e4f3cef72615108d24f15ffbd58
- SHA512
  
  cb63884b1f8d4815b614e2d68eba192199f5021a2d64c536ff514a8fdbeca0d928cc45013da3d9c00fc3c45b0154d4e8aad0034f9c4894859d0b65d6f81202e5
- SSDEEP
  
  96:3suWziM8mMAfjmZ/r4N/PJjeIJumKF95RZjieojwXZkDpkqP18Gmf:ut7m5WJjeeu1hkrWf
Score

10^/10

redline @hersgorid discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline@hersgoriddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy