redline | e846c73b8c02eb9abc0e42d17bb3f3b501e6c4a327d3308b2d16cffa7a813638 | Triage

Submit
Reports

Overview

overview

Static

static

206a2568e0...81.exe

windows7_x64

206a2568e0...81.exe

windows10_x64

Sharing

General

Target

206a2568e014f2f52c5f6aa16bb47f81.exe
Size

1.5MB
Sample

210117-ww4ms9kaxs
MD5

206a2568e014f2f52c5f6aa16bb47f81
SHA1

500a475682cf18481138fe7696447a116001eabc
SHA256

e846c73b8c02eb9abc0e42d17bb3f3b501e6c4a327d3308b2d16cffa7a813638
SHA512

73de7348574b4c2ae313729cd37d7e215a74112d810800ad3141de3fa43ffc985f7fd92b50fb57984731130e4a45405ce726c86913008857398377266c886244

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

206a2568e014f2f52c5f6aa16bb47f81.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

206a2568e014f2f52c5f6aa16bb47f81.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  206a2568e014f2f52c5f6aa16bb47f81.exe
- Size
  
  1.5MB
- MD5
  
  206a2568e014f2f52c5f6aa16bb47f81
- SHA1
  
  500a475682cf18481138fe7696447a116001eabc
- SHA256
  
  e846c73b8c02eb9abc0e42d17bb3f3b501e6c4a327d3308b2d16cffa7a813638
- SHA512
  
  73de7348574b4c2ae313729cd37d7e215a74112d810800ad3141de3fa43ffc985f7fd92b50fb57984731130e4a45405ce726c86913008857398377266c886244
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy