redline | bef5636daa6cccce3b38d8d284de1cb1ad2cfb36cbcaede1c8f7478e706f1201 | Triage

Submit
Reports

Overview

overview

Static

static

42c13b2a7b...78.exe

windows7_x64

42c13b2a7b...78.exe

windows10_x64

Sharing

General

Target

42c13b2a7baf59c6d0d6ee1ce3c0be78.exe
Size

651KB
Sample

210225-7d6rr4h1bx
MD5

42c13b2a7baf59c6d0d6ee1ce3c0be78
SHA1

c4f5d427c8257547f642c5eb2dc7aab687825cc6
SHA256

bef5636daa6cccce3b38d8d284de1cb1ad2cfb36cbcaede1c8f7478e706f1201
SHA512

0418d7e28a56861a7742b83b70b0801902bb9680ca1cd9dfb068c7986986c23cc4a85554f970ff8c6c4095827e64140646387905c4e80f788b0e2ad47d8a5e7a

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

42c13b2a7baf59c6d0d6ee1ce3c0be78.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

42c13b2a7baf59c6d0d6ee1ce3c0be78.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  42c13b2a7baf59c6d0d6ee1ce3c0be78.exe
- Size
  
  651KB
- MD5
  
  42c13b2a7baf59c6d0d6ee1ce3c0be78
- SHA1
  
  c4f5d427c8257547f642c5eb2dc7aab687825cc6
- SHA256
  
  bef5636daa6cccce3b38d8d284de1cb1ad2cfb36cbcaede1c8f7478e706f1201
- SHA512
  
  0418d7e28a56861a7742b83b70b0801902bb9680ca1cd9dfb068c7986986c23cc4a85554f970ff8c6c4095827e64140646387905c4e80f788b0e2ad47d8a5e7a
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy