redline | 95c5c298a4e0b3a381d03d5c32d4bd420050aa6d4833a7aadf5607885a97ece3 | Triage

Submit
Reports

Overview

overview

Static

static

2e43eefac0...a8.exe

windows7_x64

2e43eefac0...a8.exe

windows10_x64

Sharing

General

Target

2e43eefac0cbf1deb40b97d307a5f9a8.exe
Size

650KB
Sample

210225-lyp6espwaa
MD5

2e43eefac0cbf1deb40b97d307a5f9a8
SHA1

936963b3b7da5c6addbb7dc323e65df58be56ad8
SHA256

95c5c298a4e0b3a381d03d5c32d4bd420050aa6d4833a7aadf5607885a97ece3
SHA512

d2c64a59a071ec9827c24e9d23b852866268ff8ab0a3d03f444c06fcda7029488d637a2a5ed1953a0c2655bea52607005e93a3c971729c1ed9c686df68cefa95

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

2e43eefac0cbf1deb40b97d307a5f9a8.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2e43eefac0cbf1deb40b97d307a5f9a8.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2e43eefac0cbf1deb40b97d307a5f9a8.exe
- Size
  
  650KB
- MD5
  
  2e43eefac0cbf1deb40b97d307a5f9a8
- SHA1
  
  936963b3b7da5c6addbb7dc323e65df58be56ad8
- SHA256
  
  95c5c298a4e0b3a381d03d5c32d4bd420050aa6d4833a7aadf5607885a97ece3
- SHA512
  
  d2c64a59a071ec9827c24e9d23b852866268ff8ab0a3d03f444c06fcda7029488d637a2a5ed1953a0c2655bea52607005e93a3c971729c1ed9c686df68cefa95
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy