redline | c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615 | Triage

Submit
Reports

Overview

overview

Static

static

1

c36731bbbd...15.exe

windows7_x64

c36731bbbd...15.exe

windows10_x64

Sharing

General

Target

c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615
Size

326KB
Sample

201106-3apnys7vm2
MD5

c4a89a02b450d3d1a68f3e51ec6d9d1d
SHA1

494a01d18a3cb20f58af0443529167106e16aea7
SHA256

c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615
SHA512

709ccae6fe172fe221603b32f68c4f8d0a4806b6fa49e8165d1974d334bcb56101b0cc48f8792e80b89f4671cd56eda50d0819881e1a61a0924b69b39161401c

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615
- Size
  
  326KB
- MD5
  
  c4a89a02b450d3d1a68f3e51ec6d9d1d
- SHA1
  
  494a01d18a3cb20f58af0443529167106e16aea7
- SHA256
  
  c36731bbbdf8acb5750c33bef71b6cbf5efa76f0365ca9a2856499dda7913615
- SHA512
  
  709ccae6fe172fe221603b32f68c4f8d0a4806b6fa49e8165d1974d334bcb56101b0cc48f8792e80b89f4671cd56eda50d0819881e1a61a0924b69b39161401c
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy