redline | d7e41edbdfb2f64098382cea28b8069402da3ae4c0e4511fecd81df614c23a31 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE_9887...33.exe

windows7_x64

QUOTE_9887...33.exe

windows10_x64

Sharing

General

Target

QUOTE_98876_566743_233.exe
Size

848KB
Sample

210113-g31w4gm2xa
MD5

a0c2ebdd9f987f5cd0e82d8d5aa9e636
SHA1

7d31029b5374fc9637dc0b887c0976d96a49b781
SHA256

d7e41edbdfb2f64098382cea28b8069402da3ae4c0e4511fecd81df614c23a31
SHA512

7be1e9d24c3649394a7b1cb71980650da07a3844cb84143ed9b75f410a79093156f5b1fced020ac0147ac475372704015a712f2f320f683e5a9271488483d373

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE_98876_566743_233.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE_98876_566743_233.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  QUOTE_98876_566743_233.exe
- Size
  
  848KB
- MD5
  
  a0c2ebdd9f987f5cd0e82d8d5aa9e636
- SHA1
  
  7d31029b5374fc9637dc0b887c0976d96a49b781
- SHA256
  
  d7e41edbdfb2f64098382cea28b8069402da3ae4c0e4511fecd81df614c23a31
- SHA512
  
  7be1e9d24c3649394a7b1cb71980650da07a3844cb84143ed9b75f410a79093156f5b1fced020ac0147ac475372704015a712f2f320f683e5a9271488483d373
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy