redline | dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8 | Triage

Sharing

General

Target

84a0f9d46ca77c5ae10713f844cfedbd.exe
Size

20KB
Sample

200707-mc3fwjpgga
MD5

84a0f9d46ca77c5ae10713f844cfedbd
SHA1

1e1cdc9cc03c026157bdc5dca1f9c0ee78de71aa
SHA256

dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8
SHA512

69cc6970ff185a0795257739a41864d69306468bc82cdddfec20b0239a00f562d8e0a012a7127c2bdae083da38e3700e0099b933436850e85137c5f7d1fe73ed

Score

10^/10

redline discovery evasion infostealer spyware trojan

Malware Config

Targets

- Target
  
  84a0f9d46ca77c5ae10713f844cfedbd.exe
- Size
  
  20KB
- MD5
  
  84a0f9d46ca77c5ae10713f844cfedbd
- SHA1
  
  1e1cdc9cc03c026157bdc5dca1f9c0ee78de71aa
- SHA256
  
  dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8
- SHA512
  
  69cc6970ff185a0795257739a41864d69306468bc82cdddfec20b0239a00f562d8e0a012a7127c2bdae083da38e3700e0099b933436850e85137c5f7d1fe73ed
Score

10^/10

evasion spyware trojan discovery infostealer redline
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywaretrojandiscoveryinfostealerredline