redline | 9d7cd70852435e73846e3050cf060d345173d44df492593ea0821d023c0e7f67 | Triage

Submit
Reports

Overview

overview

Static

static

d02075e118...54.exe

windows7_x64

d02075e118...54.exe

windows10_x64

Sharing

General

Target

d02075e11831e9b95ca654063a249554.exe
Size

780KB
Sample

201101-cvrsnb5cxe
MD5

d02075e11831e9b95ca654063a249554
SHA1

ce46e830a3bdd48891c67e07786d3523ed89b9f5
SHA256

9d7cd70852435e73846e3050cf060d345173d44df492593ea0821d023c0e7f67
SHA512

5022601bc9d6436d4ac903d49dee44e89f8bf91eac6b8b240aa511c241946bfa43c312ae9b32b66a9c40e52bf48d06e3b374c4c7088af05eb54bec6e3133f0d6

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

d02075e11831e9b95ca654063a249554.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d02075e11831e9b95ca654063a249554.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d02075e11831e9b95ca654063a249554.exe
- Size
  
  780KB
- MD5
  
  d02075e11831e9b95ca654063a249554
- SHA1
  
  ce46e830a3bdd48891c67e07786d3523ed89b9f5
- SHA256
  
  9d7cd70852435e73846e3050cf060d345173d44df492593ea0821d023c0e7f67
- SHA512
  
  5022601bc9d6436d4ac903d49dee44e89f8bf91eac6b8b240aa511c241946bfa43c312ae9b32b66a9c40e52bf48d06e3b374c4c7088af05eb54bec6e3133f0d6
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy