redline | 460a622d1fa2330e1a73155bc7c80307895e01d21103ecb20e9db863c9ea6a1f | Triage

Submit
Reports

Overview

overview

Static

static

3

github.sof....8.exe

windows7-x64

3

github.sof....8.exe

windows10-2004-x64

Sharing

General

Target

github.software.1.2.8.exe
Size

934KB
Sample

240701-lkkpjsxdpk
MD5

0179b1deef023bb8797577cc4d02b4b2
SHA1

89ac3e9ed8c6cf136f291188bfbc0fd9ead5c95a
SHA256

460a622d1fa2330e1a73155bc7c80307895e01d21103ecb20e9db863c9ea6a1f
SHA512

e3052dd2edb787be0cd90b6e2aadb74f632711b381408831b6f21b6952bc8fe41cfe4d086dacd24e59ba891d31b4e5cfa000bb40937cfd02f32ad0f284679642
SSDEEP

24576:jidbdQCtwExZxOFyC0F73Os7mRkpxvZer57DTs23emghGp5q:OwExZxOF9f0mRkppZedo4J/p5q

Score

10^/10

redline red discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

github.software.1.2.8.exe

Resource

win7-20240611-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

github.software.1.2.8.exe

Resource

win10v2004-20240226-en

redline red discovery infostealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

red

C2

147.45.44.12:13830

Targets

- Target
  
  github.software.1.2.8.exe
- Size
  
  934KB
- MD5
  
  0179b1deef023bb8797577cc4d02b4b2
- SHA1
  
  89ac3e9ed8c6cf136f291188bfbc0fd9ead5c95a
- SHA256
  
  460a622d1fa2330e1a73155bc7c80307895e01d21103ecb20e9db863c9ea6a1f
- SHA512
  
  e3052dd2edb787be0cd90b6e2aadb74f632711b381408831b6f21b6952bc8fe41cfe4d086dacd24e59ba891d31b4e5cfa000bb40937cfd02f32ad0f284679642
- SSDEEP
  
  24576:jidbdQCtwExZxOFyC0F73Os7mRkpxvZer57DTs23emghGp5q:OwExZxOF9f0mRkppZedo4J/p5q
Score

10^/10

redline red discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinereddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy