redline | 38ff1916bf18ce69b3dc98a2a81160d19023c77e5e83e240798114d249886eb8 | Triage

Submit
Reports

Overview

overview

Static

static

Ramstam.exe

windows7_x64

Ramstam.exe

windows10_x64

Sharing

General

Target

Ramstam.exe
Size

25KB
Sample

210125-3gmh5wrda2
MD5

79870a39c043dbc5e6c1959ae1ca61d8
SHA1

aa889650128a5178205c5d74894b0ade97d0cee0
SHA256

38ff1916bf18ce69b3dc98a2a81160d19023c77e5e83e240798114d249886eb8
SHA512

dd2264e9cd18625c7a061604f6469e059f7ee9095d860723aea6f638bd2acf4101b9c3ce7f6bd588dc3cfee66d40b145804c18bd38668b41789bc2769fc4e906

Score

10^/10

redline infostealer

Static task

static1

Behavioral task

behavioral1

Sample

Ramstam.exe

Resource

win7v20201028

redline infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ramstam.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Ramstam.exe
- Size
  
  25KB
- MD5
  
  79870a39c043dbc5e6c1959ae1ca61d8
- SHA1
  
  aa889650128a5178205c5d74894b0ade97d0cee0
- SHA256
  
  38ff1916bf18ce69b3dc98a2a81160d19023c77e5e83e240798114d249886eb8
- SHA512
  
  dd2264e9cd18625c7a061604f6469e059f7ee9095d860723aea6f638bd2acf4101b9c3ce7f6bd588dc3cfee66d40b145804c18bd38668b41789bc2769fc4e906
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy