redline | 357155fa11754db1ffbba77378769739d9a1d665914b5706d6dfb6b046ba2c2b | Triage

Submit
Reports

Overview

overview

Static

static

8

6c985e92ab...23.exe

windows7_x64

6c985e92ab...23.exe

windows10_x64

Sharing

General

Target

6c985e92abdaf13871578f0e147b6f23.exe
Size

652KB
Sample

210105-he8y9lebb2
MD5

6c985e92abdaf13871578f0e147b6f23
SHA1

38b978b7bdb5c031fdc4508376007a155562223e
SHA256

357155fa11754db1ffbba77378769739d9a1d665914b5706d6dfb6b046ba2c2b
SHA512

b0d9fe01d3a12ac68529af766b17bcec3cfbb00c3f4ad0ddb57329e09f246d67d908d61ad55e29ffbd67573b93ac98afa2f6148d0e13fcc238c0fdbf35ce2b98

Score

10^/10

redline discovery infostealer spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

6c985e92abdaf13871578f0e147b6f23.exe

Resource

win7v20201028

redline discovery infostealer spyware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6c985e92abdaf13871578f0e147b6f23.exe

Resource

win10v20201028

redline discovery infostealer spyware upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6c985e92abdaf13871578f0e147b6f23.exe
- Size
  
  652KB
- MD5
  
  6c985e92abdaf13871578f0e147b6f23
- SHA1
  
  38b978b7bdb5c031fdc4508376007a155562223e
- SHA256
  
  357155fa11754db1ffbba77378769739d9a1d665914b5706d6dfb6b046ba2c2b
- SHA512
  
  b0d9fe01d3a12ac68529af766b17bcec3cfbb00c3f4ad0ddb57329e09f246d67d908d61ad55e29ffbd67573b93ac98afa2f6148d0e13fcc238c0fdbf35ce2b98
Score

10^/10

redline discovery infostealer spyware upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywareupx

behavioral2

redlinediscoveryinfostealerspywareupx

© 2018-2024

Terms | Privacy