redline | e10a0b049f468fe1e88dc589c37e6743a248f6f9461f99b0c1ac983694fe958e | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE_2778...OC.exe

windows7_x64

QUOTE_2778...OC.exe

windows10_x64

Sharing

General

Target

QUOTE_27788387_0092338_0019992DOC.exe
Size

1.2MB
Sample

201225-45mesnfkfs
MD5

63504c97d96f3c4516632d9dd03a7598
SHA1

21389d6e11b286852168cbc78b6636669d015b11
SHA256

e10a0b049f468fe1e88dc589c37e6743a248f6f9461f99b0c1ac983694fe958e
SHA512

7ad45d449a99747e9968d9bd35c8ac378e62206f4f6f729da2199548f7f202281721eef5d648945d0b0a5890bce58cc0c02a96429759902a9f31814eeb194e7f

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE_27788387_0092338_0019992DOC.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE_27788387_0092338_0019992DOC.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  QUOTE_27788387_0092338_0019992DOC.exe
- Size
  
  1.2MB
- MD5
  
  63504c97d96f3c4516632d9dd03a7598
- SHA1
  
  21389d6e11b286852168cbc78b6636669d015b11
- SHA256
  
  e10a0b049f468fe1e88dc589c37e6743a248f6f9461f99b0c1ac983694fe958e
- SHA512
  
  7ad45d449a99747e9968d9bd35c8ac378e62206f4f6f729da2199548f7f202281721eef5d648945d0b0a5890bce58cc0c02a96429759902a9f31814eeb194e7f
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy