redline | 70af11ae12fdc645f1845b038d01ac9ba1000905c0150553fad12400db54e8dd | Triage

Submit
Reports

Overview

overview

Static

static

b4efb79c97...06.exe

windows7_x64

b4efb79c97...06.exe

windows10_x64

Sharing

General

Target

b4efb79c970f4986050184fdccd0dd06.exe
Size

789KB
Sample

201101-b8q1dtpbja
MD5

b4efb79c970f4986050184fdccd0dd06
SHA1

55634b78a92b7949584df0b3ce0e2d01a4a91850
SHA256

70af11ae12fdc645f1845b038d01ac9ba1000905c0150553fad12400db54e8dd
SHA512

b42dd87439debdfae1bb26479487cab184ecbc10b4b43d7716b291b9b32786d296a74a30b8ce1c9b8e2c8516f42d080e92cf1fd7ae6ef2c12b6955188ae1f880

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

b4efb79c970f4986050184fdccd0dd06.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b4efb79c970f4986050184fdccd0dd06.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b4efb79c970f4986050184fdccd0dd06.exe
- Size
  
  789KB
- MD5
  
  b4efb79c970f4986050184fdccd0dd06
- SHA1
  
  55634b78a92b7949584df0b3ce0e2d01a4a91850
- SHA256
  
  70af11ae12fdc645f1845b038d01ac9ba1000905c0150553fad12400db54e8dd
- SHA512
  
  b42dd87439debdfae1bb26479487cab184ecbc10b4b43d7716b291b9b32786d296a74a30b8ce1c9b8e2c8516f42d080e92cf1fd7ae6ef2c12b6955188ae1f880
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy