redline | a766d92b540516fd0e6999039576799146073f3a8d5e3f8a196af2bc725489ad | Triage

Submit
Reports

Overview

overview

Static

static

425fa3a5d6...13.exe

windows7_x64

425fa3a5d6...13.exe

windows10_x64

Sharing

General

Target

425fa3a5d6422b4f9985ee493aefe613.exe
Size

654KB
Sample

210212-pmy86213w6
MD5

425fa3a5d6422b4f9985ee493aefe613
SHA1

2dfa3009b81ca30a1a73c3459aec5486f56a03d6
SHA256

a766d92b540516fd0e6999039576799146073f3a8d5e3f8a196af2bc725489ad
SHA512

f22cab9f647e226dffc4a37f39ebbee26c716afe746e58b430eb23f5c475d9bbccf297491d626e5100b9d6cd13e60c485115a1e4523ef19fdd02a6d8cb5e0c04

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

425fa3a5d6422b4f9985ee493aefe613.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

425fa3a5d6422b4f9985ee493aefe613.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  425fa3a5d6422b4f9985ee493aefe613.exe
- Size
  
  654KB
- MD5
  
  425fa3a5d6422b4f9985ee493aefe613
- SHA1
  
  2dfa3009b81ca30a1a73c3459aec5486f56a03d6
- SHA256
  
  a766d92b540516fd0e6999039576799146073f3a8d5e3f8a196af2bc725489ad
- SHA512
  
  f22cab9f647e226dffc4a37f39ebbee26c716afe746e58b430eb23f5c475d9bbccf297491d626e5100b9d6cd13e60c485115a1e4523ef19fdd02a6d8cb5e0c04
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy