redline | dfdf406c2a27405fd840b772b329317625267de7bf4e5d506c9f7fa32c7d57da | Triage

Submit
Reports

Overview

overview

Static

static

smweeks-xf...in.exe

windows7_x64

smweeks-xf...in.exe

windows10_x64

Sharing

General

Target

smweeks-xfrime.bin.zip
Size

1.4MB
Sample

201105-91vnxntjrs
MD5

2940b72f138a03dd897d661e75e63756
SHA1

8294d75f15c6571c59423d0308a7bc58690f068f
SHA256

dfdf406c2a27405fd840b772b329317625267de7bf4e5d506c9f7fa32c7d57da
SHA512

5fc0eec01856de2b7221055632ccd7668ce47948744fd2a022f472e8707ed15c829e11183b42ebfaa49b680c2e691d74a148ce07b74e6596728568f4e1f2b77d

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

smweeks-xfrime.bin.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

smweeks-xfrime.bin.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  smweeks-xfrime.bin
- Size
  
  1.5MB
- MD5
  
  4847f643e40ad008439c8d17415d3d90
- SHA1
  
  30d1d407179656616f49b6acf1996bf0c1313030
- SHA256
  
  f9cd8e1cecf04ca59cad80ab3895eec6cef5baaf0d4339d4d96715d161ae0611
- SHA512
  
  6289e8102cc414c46a5bd3dee38a02e0bd0447bc9d580940c41130514b7affc0a1caef26ca9ca90f707cce79541f665715336d8030eb4be237577cba50bfad1a
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy