redline | 8f1ed9bf8b55eafc9339a8cf1614ddf8bd58982a05b649a72d8ea5fcac8d42b7 | Triage

Submit
Reports

Overview

overview

Static

static

8

SecuriteIn...07.exe

windows7_x64

SecuriteIn...07.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.BehavesLike.Win32.PWSBanker.jc.10507
Size

689KB
Sample

201224-g792z22f8x
MD5

784be6849df2e81f39b07520793ad2ab
SHA1

85aa4c65cfca56f7831505e817bf732bafa11199
SHA256

8f1ed9bf8b55eafc9339a8cf1614ddf8bd58982a05b649a72d8ea5fcac8d42b7
SHA512

df9870e60b9515be4445ce53a25b533931f3819f3ae4f0811066029cba591cd917b786abf43b73e089fb2b86c0906c219f10bdc5bdeef28f922ca1bc5b91370c

Score

10^/10

redline discovery infostealer spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.BehavesLike.Win32.PWSBanker.jc.10507.exe

Resource

win7v20201028

redline discovery infostealer spyware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.BehavesLike.Win32.PWSBanker.jc.10507.exe

Resource

win10v20201028

redline discovery infostealer spyware upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.BehavesLike.Win32.PWSBanker.jc.10507
- Size
  
  689KB
- MD5
  
  784be6849df2e81f39b07520793ad2ab
- SHA1
  
  85aa4c65cfca56f7831505e817bf732bafa11199
- SHA256
  
  8f1ed9bf8b55eafc9339a8cf1614ddf8bd58982a05b649a72d8ea5fcac8d42b7
- SHA512
  
  df9870e60b9515be4445ce53a25b533931f3819f3ae4f0811066029cba591cd917b786abf43b73e089fb2b86c0906c219f10bdc5bdeef28f922ca1bc5b91370c
Score

10^/10

redline discovery infostealer spyware upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywareupx

behavioral2

redlinediscoveryinfostealerspywareupx

© 2018-2024

Terms | Privacy