redline | ba483bee9e68e055952e71255eb24bd6ca52c1238d3efe96bcb66506e80e6792 | Triage

Submit
Reports

Overview

overview

Static

static

9bf1c67dbb...34.exe

windows7_x64

9bf1c67dbb...34.exe

windows10_x64

Sharing

General

Target

9bf1c67dbbc2b863c6254ef7415bb434.exe
Size

714KB
Sample

201208-qtdzh6erta
MD5

9bf1c67dbbc2b863c6254ef7415bb434
SHA1

d2578d8ce1dacdad808f88c682aa3a6d0e00e71f
SHA256

ba483bee9e68e055952e71255eb24bd6ca52c1238d3efe96bcb66506e80e6792
SHA512

6b68fdf365aebd2a4f648be78caf201a1721e17838e613e4c98bfdbf75e56388d305cdb46022ade22f7aeef1c38dc8878a276bdb57ac81328e19226efc925dc2

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

9bf1c67dbbc2b863c6254ef7415bb434.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9bf1c67dbbc2b863c6254ef7415bb434.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9bf1c67dbbc2b863c6254ef7415bb434.exe
- Size
  
  714KB
- MD5
  
  9bf1c67dbbc2b863c6254ef7415bb434
- SHA1
  
  d2578d8ce1dacdad808f88c682aa3a6d0e00e71f
- SHA256
  
  ba483bee9e68e055952e71255eb24bd6ca52c1238d3efe96bcb66506e80e6792
- SHA512
  
  6b68fdf365aebd2a4f648be78caf201a1721e17838e613e4c98bfdbf75e56388d305cdb46022ade22f7aeef1c38dc8878a276bdb57ac81328e19226efc925dc2
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy