redline | b3c2ed1edebee42767277652dbdb2c3c17c3b33707c975b1679e956658701825 | Triage

Submit
Reports

Overview

overview

Static

static

1159b5c0e7...7a.exe

windows7_x64

1159b5c0e7...7a.exe

windows10_x64

Sharing

General

Target

1159b5c0e7acc0d01f99c456b5a2e17a.exe
Size

650KB
Sample

210225-g4tyfxwg36
MD5

1159b5c0e7acc0d01f99c456b5a2e17a
SHA1

3e4a02c3cb4b0c6dd2d462a6ae94e0777bcdbc8a
SHA256

b3c2ed1edebee42767277652dbdb2c3c17c3b33707c975b1679e956658701825
SHA512

c884d969ef71af279bfc5e54f6a5323d9e9f698cb2b3140d16773776d7bade875653bb018cbb40fa0bc69232221506dc8fae95c58a98618d9f742e936a27e838

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

1159b5c0e7acc0d01f99c456b5a2e17a.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1159b5c0e7acc0d01f99c456b5a2e17a.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1159b5c0e7acc0d01f99c456b5a2e17a.exe
- Size
  
  650KB
- MD5
  
  1159b5c0e7acc0d01f99c456b5a2e17a
- SHA1
  
  3e4a02c3cb4b0c6dd2d462a6ae94e0777bcdbc8a
- SHA256
  
  b3c2ed1edebee42767277652dbdb2c3c17c3b33707c975b1679e956658701825
- SHA512
  
  c884d969ef71af279bfc5e54f6a5323d9e9f698cb2b3140d16773776d7bade875653bb018cbb40fa0bc69232221506dc8fae95c58a98618d9f742e936a27e838
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy