redline | 41fc0071b14fa3a5990852af374922d234be8404ad0179e205d69b5e80613066 | Triage

Submit
Reports

Overview

overview

Static

static

7aa21aecbd...76.exe

windows7_x64

7aa21aecbd...76.exe

windows10_x64

Sharing

General

Target

7aa21aecbdf633b2c535f267f4053f76.exe
Size

580KB
Sample

210205-9nvbbs6wza
MD5

7aa21aecbdf633b2c535f267f4053f76
SHA1

4fc1081d614de271ede2e8f54b2149cc074b82c0
SHA256

41fc0071b14fa3a5990852af374922d234be8404ad0179e205d69b5e80613066
SHA512

b9689a74080b14179a81be09248bd81d1e1bd7c0f2e38cbd919f9b512988d2d2bbbeca47a2926acaabc222a8f8870cc1aa2a1f7de565b2dfb1e333b782b84af0

Score

10^/10

redline discovery infostealer ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

7aa21aecbdf633b2c535f267f4053f76.exe

Resource

win7v20201028

redline discovery infostealer ransomware spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7aa21aecbdf633b2c535f267f4053f76.exe

Resource

win10v20201028

redline discovery infostealer ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7aa21aecbdf633b2c535f267f4053f76.exe
- Size
  
  580KB
- MD5
  
  7aa21aecbdf633b2c535f267f4053f76
- SHA1
  
  4fc1081d614de271ede2e8f54b2149cc074b82c0
- SHA256
  
  41fc0071b14fa3a5990852af374922d234be8404ad0179e205d69b5e80613066
- SHA512
  
  b9689a74080b14179a81be09248bd81d1e1bd7c0f2e38cbd919f9b512988d2d2bbbeca47a2926acaabc222a8f8870cc1aa2a1f7de565b2dfb1e333b782b84af0
Score

10^/10

redline discovery infostealer ransomware spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerransomwarespyware

behavioral2

redlinediscoveryinfostealerransomwarespyware

© 2018-2024

Terms | Privacy