redline | 87cd820fbd3707a5c0163a68fc72eeee76d16867aefc372c19b03bf1edc0bbd7 | Triage

Submit
Reports

Overview

overview

Static

static

75be014e5c...08.exe

windows7_x64

75be014e5c...08.exe

windows10_x64

Sharing

General

Target

75be014e5cba03bc01cad324c0858808.exe
Size

777KB
Sample

201030-zx4zgxk8ne
MD5

75be014e5cba03bc01cad324c0858808
SHA1

ea7975231e51ed81b1f3f101580829b2cce39fc3
SHA256

87cd820fbd3707a5c0163a68fc72eeee76d16867aefc372c19b03bf1edc0bbd7
SHA512

fef33c0723c826d899480d0a880cce771a18d0582bca1a01144f7671bb47ddf45752c7e450fdb417f91919ec1c5c4b6a6b6f21546b0f0aa6590d993adaee8eea

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

75be014e5cba03bc01cad324c0858808.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

75be014e5cba03bc01cad324c0858808.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  75be014e5cba03bc01cad324c0858808.exe
- Size
  
  777KB
- MD5
  
  75be014e5cba03bc01cad324c0858808
- SHA1
  
  ea7975231e51ed81b1f3f101580829b2cce39fc3
- SHA256
  
  87cd820fbd3707a5c0163a68fc72eeee76d16867aefc372c19b03bf1edc0bbd7
- SHA512
  
  fef33c0723c826d899480d0a880cce771a18d0582bca1a01144f7671bb47ddf45752c7e450fdb417f91919ec1c5c4b6a6b6f21546b0f0aa6590d993adaee8eea
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy