redline | 0c870ab1638e4106f0c1b29649e9f00d527619b54dd39ced78bfed0d265c9eed | Triage

Submit
Reports

Overview

overview

Static

static

c124c4991e...89.exe

windows7_x64

c124c4991e...89.exe

windows10_x64

Sharing

General

Target

c124c4991ef8209fb59cf06fc7b6fd89.exe
Size

669KB
Sample

201102-7xywls5tjx
MD5

c124c4991ef8209fb59cf06fc7b6fd89
SHA1

da3cf2cf528793016d15ad9a69e64a66086c3a2e
SHA256

0c870ab1638e4106f0c1b29649e9f00d527619b54dd39ced78bfed0d265c9eed
SHA512

877f9d93f8a44c3315bd7df3dc5c6a9d5735026e68fb30f59e78b008267a33788ab8e9970c304e0418bb07a677598b17c51b6456e663914c80ba734e83027fdc

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

c124c4991ef8209fb59cf06fc7b6fd89.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c124c4991ef8209fb59cf06fc7b6fd89.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c124c4991ef8209fb59cf06fc7b6fd89.exe
- Size
  
  669KB
- MD5
  
  c124c4991ef8209fb59cf06fc7b6fd89
- SHA1
  
  da3cf2cf528793016d15ad9a69e64a66086c3a2e
- SHA256
  
  0c870ab1638e4106f0c1b29649e9f00d527619b54dd39ced78bfed0d265c9eed
- SHA512
  
  877f9d93f8a44c3315bd7df3dc5c6a9d5735026e68fb30f59e78b008267a33788ab8e9970c304e0418bb07a677598b17c51b6456e663914c80ba734e83027fdc
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy