redline | e9c754037d5a8041b7ae49d0fe58ccf05c1369b7d801d53fb7a6d4d24002df27 | Triage

Submit
Reports

Overview

overview

Static

static

FakeNordVPN_small.exe

windows7_x64

FakeNordVPN_small.exe

windows10_x64

Sharing

General

Target

FakeNordVPN_small.exe
Size

511KB
Sample

201211-1pg39zk1re
MD5

49525eb68b10c8c3384f7ab078cc0dfa
SHA1

fe5629684c1a429f7944696800ceaf8135b8568b
SHA256

e9c754037d5a8041b7ae49d0fe58ccf05c1369b7d801d53fb7a6d4d24002df27
SHA512

82f63c7db8dc7bd14461aa276f2bca6c7ee62c57f9a4adef0380ce31778138a6444da7f8e5b13d8a2dff8f4de97d2e06ab6a7f3c7c58649bb8a72ca191923e4e

Score

10^/10

redline infostealer

Static task

static1

Behavioral task

behavioral1

Sample

FakeNordVPN_small.exe

Resource

win7v20201028

redline infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FakeNordVPN_small.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FakeNordVPN_small.exe
- Size
  
  511KB
- MD5
  
  49525eb68b10c8c3384f7ab078cc0dfa
- SHA1
  
  fe5629684c1a429f7944696800ceaf8135b8568b
- SHA256
  
  e9c754037d5a8041b7ae49d0fe58ccf05c1369b7d801d53fb7a6d4d24002df27
- SHA512
  
  82f63c7db8dc7bd14461aa276f2bca6c7ee62c57f9a4adef0380ce31778138a6444da7f8e5b13d8a2dff8f4de97d2e06ab6a7f3c7c58649bb8a72ca191923e4e
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy