redline | db7e0d16d32e7f115933695d419b903e24b14b7db4c347ab8380676c663edcb6 | Triage

Submit
Reports

Overview

overview

Static

static

36e2f9c1e4...59.exe

windows7_x64

36e2f9c1e4...59.exe

windows10_x64

Sharing

General

Target

36e2f9c1e431033d5adb37b0dc81bf59.exe
Size

591KB
Sample

201104-hcdfb7pgle
MD5

36e2f9c1e431033d5adb37b0dc81bf59
SHA1

b031e56801f13ceaa555a9ae03ed68bd045e804d
SHA256

db7e0d16d32e7f115933695d419b903e24b14b7db4c347ab8380676c663edcb6
SHA512

909ce3030ee3a7c723e6465b0c42baa15c9e6e27ff8a05eb6d103f40b373d9b9a0926d988695ce7070671f7cebd57abb59a688562f54485cb947b3118988277c

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

36e2f9c1e431033d5adb37b0dc81bf59.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

36e2f9c1e431033d5adb37b0dc81bf59.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  36e2f9c1e431033d5adb37b0dc81bf59.exe
- Size
  
  591KB
- MD5
  
  36e2f9c1e431033d5adb37b0dc81bf59
- SHA1
  
  b031e56801f13ceaa555a9ae03ed68bd045e804d
- SHA256
  
  db7e0d16d32e7f115933695d419b903e24b14b7db4c347ab8380676c663edcb6
- SHA512
  
  909ce3030ee3a7c723e6465b0c42baa15c9e6e27ff8a05eb6d103f40b373d9b9a0926d988695ce7070671f7cebd57abb59a688562f54485cb947b3118988277c
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy