redline | b3feea58dffddae3a837b055078d8a3ed2db731fd6c7d77aa1164a0185f3b169 | Triage

Submit
Reports

Overview

overview

Static

static

37bac8328c...3e.exe

windows7_x64

37bac8328c...3e.exe

windows10_x64

Sharing

General

Target

37bac8328c2d21395abcca4a15321f3e.exe
Size

655KB
Sample

210212-v83sf72zze
MD5

37bac8328c2d21395abcca4a15321f3e
SHA1

692945e8ca8a7051c95083d95f53d2e9c0498926
SHA256

b3feea58dffddae3a837b055078d8a3ed2db731fd6c7d77aa1164a0185f3b169
SHA512

85feed8eae32d63a971bf22863eb5aa5078bb83eedf4794cecd47589fb09a0f2d065c8760298d240923edc1bf446542e1ee6f58b2a3ad6d8d70965ac518b9c44

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

37bac8328c2d21395abcca4a15321f3e.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

37bac8328c2d21395abcca4a15321f3e.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  37bac8328c2d21395abcca4a15321f3e.exe
- Size
  
  655KB
- MD5
  
  37bac8328c2d21395abcca4a15321f3e
- SHA1
  
  692945e8ca8a7051c95083d95f53d2e9c0498926
- SHA256
  
  b3feea58dffddae3a837b055078d8a3ed2db731fd6c7d77aa1164a0185f3b169
- SHA512
  
  85feed8eae32d63a971bf22863eb5aa5078bb83eedf4794cecd47589fb09a0f2d065c8760298d240923edc1bf446542e1ee6f58b2a3ad6d8d70965ac518b9c44
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy