redline | ee4b58514316c6fc928e60245384560a24723e690a3311e8c2dd9e8efd5de7ca | Triage

Submit
Reports

Overview

overview

Static

static

BTRSetp.exe

windows7_x64

BTRSetp.exe

windows10_x64

Sharing

General

Target

BTRSetp.exe
Size

678KB
Sample

210218-qe7lrnnrxn
MD5

b2d8ce7b40730bc6615728b1b1795ce9
SHA1

5cf7a63f3ecc2184e7b2894c78538d89f7063fe1
SHA256

ee4b58514316c6fc928e60245384560a24723e690a3311e8c2dd9e8efd5de7ca
SHA512

cc79016627fb17a864ca3414f8bc598d52a9d17ec64ee1005b059a84597fe16493203879ff1c5a5ed46cf15a9e590098672a4b21a38852cace9bb02d8f1c531e

Score

10^/10

redline discovery infostealer persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

BTRSetp.exe

Resource

win7v20201028

redline discovery infostealer persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BTRSetp.exe

Resource

win10v20201028

redline discovery infostealer persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  BTRSetp.exe
- Size
  
  678KB
- MD5
  
  b2d8ce7b40730bc6615728b1b1795ce9
- SHA1
  
  5cf7a63f3ecc2184e7b2894c78538d89f7063fe1
- SHA256
  
  ee4b58514316c6fc928e60245384560a24723e690a3311e8c2dd9e8efd5de7ca
- SHA512
  
  cc79016627fb17a864ca3414f8bc598d52a9d17ec64ee1005b059a84597fe16493203879ff1c5a5ed46cf15a9e590098672a4b21a38852cace9bb02d8f1c531e
Score

10^/10

redline discovery infostealer persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistencespyware

behavioral2

redlinediscoveryinfostealerpersistencespyware

© 2018-2024

Terms | Privacy