redline | 7b6c0334b1cc26e87e6a071ed278dd0781634460e0de56245fc306624340fb21 | Triage

Submit
Reports

Overview

overview

Static

static

cb4255d73d...54.exe

windows7_x64

cb4255d73d...54.exe

windows10_x64

Sharing

General

Target

cb4255d73d0fd4ce9a13464ddae05d54.exe
Size

781KB
Sample

201101-68vdr9hfrj
MD5

cb4255d73d0fd4ce9a13464ddae05d54
SHA1

75c531c0bf974395be88ea678b95561de4e8966d
SHA256

7b6c0334b1cc26e87e6a071ed278dd0781634460e0de56245fc306624340fb21
SHA512

63b885330de0e8a07919a267b751cab364c302a35d093ca73a42ca4599365675a7cdb4278134b7bb10fe2dc72d039ad3704e7bc0eca8ac9db93ed7ee0dd56ed4

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

cb4255d73d0fd4ce9a13464ddae05d54.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cb4255d73d0fd4ce9a13464ddae05d54.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cb4255d73d0fd4ce9a13464ddae05d54.exe
- Size
  
  781KB
- MD5
  
  cb4255d73d0fd4ce9a13464ddae05d54
- SHA1
  
  75c531c0bf974395be88ea678b95561de4e8966d
- SHA256
  
  7b6c0334b1cc26e87e6a071ed278dd0781634460e0de56245fc306624340fb21
- SHA512
  
  63b885330de0e8a07919a267b751cab364c302a35d093ca73a42ca4599365675a7cdb4278134b7bb10fe2dc72d039ad3704e7bc0eca8ac9db93ed7ee0dd56ed4
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy