redline | 4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d | Triage

Submit
Reports

Overview

overview

Static

static

4ccf916fe0...8d.exe

windows7_x64

4ccf916fe0...8d.exe

windows10_x64

Sharing

General

Target

4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d
Size

924KB
Sample

201116-amzbtlb2fn
MD5

89367213d9c56af06b04275f9322bd82
SHA1

126ee4e17ca0df8aae10324242f0ba5d9fb09d5a
SHA256

4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d
SHA512

476b87e0acf64b741f4ec58607abab7f735442e9e87f950956c03e32bd799263482ea0537aa8192065dee5cd0cec1284981c2d6bba852ec722b4cd9e9139927c

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d
- Size
  
  924KB
- MD5
  
  89367213d9c56af06b04275f9322bd82
- SHA1
  
  126ee4e17ca0df8aae10324242f0ba5d9fb09d5a
- SHA256
  
  4ccf916fe0d3173dc9e6da3de749b437ff651b13bc32bf0538c29fc30c594a8d
- SHA512
  
  476b87e0acf64b741f4ec58607abab7f735442e9e87f950956c03e32bd799263482ea0537aa8192065dee5cd0cec1284981c2d6bba852ec722b4cd9e9139927c
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy