redline | 39f2afe57c2d81da285b4adf129d7ad9cd3af800d60b93dadb0dd17e0a27aea8 | Triage

Submit
Reports

Overview

overview

Static

static

25b398e921...79.exe

windows7_x64

25b398e921...79.exe

windows10_x64

Sharing

General

Target

25b398e92110497f671b2a2bb18bae79.exe
Size

851KB
Sample

210108-95j8p4l75n
MD5

25b398e92110497f671b2a2bb18bae79
SHA1

3d6f5253f31e801d33e5d6e09e3d595b1e89be55
SHA256

39f2afe57c2d81da285b4adf129d7ad9cd3af800d60b93dadb0dd17e0a27aea8
SHA512

ba2cb200db0adfb08652c474226fc13a3f7c27a941b1b44b71d85453975957b3f848e6fc257067701bd9d7f3230545111e3d55570fe072bf6a752cfabbabdcb9

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

25b398e92110497f671b2a2bb18bae79.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

25b398e92110497f671b2a2bb18bae79.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  25b398e92110497f671b2a2bb18bae79.exe
- Size
  
  851KB
- MD5
  
  25b398e92110497f671b2a2bb18bae79
- SHA1
  
  3d6f5253f31e801d33e5d6e09e3d595b1e89be55
- SHA256
  
  39f2afe57c2d81da285b4adf129d7ad9cd3af800d60b93dadb0dd17e0a27aea8
- SHA512
  
  ba2cb200db0adfb08652c474226fc13a3f7c27a941b1b44b71d85453975957b3f848e6fc257067701bd9d7f3230545111e3d55570fe072bf6a752cfabbabdcb9
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy