redline | 2b1503e2375fcd64699867b513e8e51a6f15a1fbc461755249bff01adb658985 | Triage

Submit
Reports

Overview

overview

Static

static

installer.exe

windows7_x64

installer.exe

windows10_x64

Sharing

General

Target

installer.exe
Size

169KB
Sample

210218-z19yjdz5v6
MD5

874d5bd8807cebd41fd65ea12f4f9252
SHA1

d3833cf480b3d6bdd05be3e837cdebabfc6cdb5d
SHA256

2b1503e2375fcd64699867b513e8e51a6f15a1fbc461755249bff01adb658985
SHA512

b2e47db04d8bc92037e1d1492df161f1e66a75ef99e3c77b3ae6b9b74e270cb7b705f02b26ca9edf63a138244ca013fb4b7d41d4ade66404d1ec77433bbe1b48

Score

10^/10

redline discovery infostealer persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

installer.exe

Resource

win7v20201028

redline discovery infostealer persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

installer.exe

Resource

win10v20201028

redline discovery infostealer persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  installer.exe
- Size
  
  169KB
- MD5
  
  874d5bd8807cebd41fd65ea12f4f9252
- SHA1
  
  d3833cf480b3d6bdd05be3e837cdebabfc6cdb5d
- SHA256
  
  2b1503e2375fcd64699867b513e8e51a6f15a1fbc461755249bff01adb658985
- SHA512
  
  b2e47db04d8bc92037e1d1492df161f1e66a75ef99e3c77b3ae6b9b74e270cb7b705f02b26ca9edf63a138244ca013fb4b7d41d4ade66404d1ec77433bbe1b48
Score

10^/10

redline discovery infostealer persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistencespyware

behavioral2

redlinediscoveryinfostealerpersistencespyware

© 2018-2024

Terms | Privacy