Overview

overview

10

Static

static

9290fe7517...97.exe

windows7_x64

10

9290fe7517...97.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9290fe75175367dd6330d504164fb597.exe

  • Size

    32KB

  • Sample

    210307-e7jpab8v8a

  • MD5

    9290fe75175367dd6330d504164fb597

  • SHA1

    d0ef05fc64c35901a6de03daf3a972e760e7876e

  • SHA256

    e58ef47a566a73ad01ce7a37c178d1fce2a3282882f814997aab487200cf8005

  • SHA512

    b92e1b267d9701a75d6680282c448170696680573a4e25e676747debc4fbd9af6209c9d7edf646a090442f800484b010f5bb2b96088db930c79590a19dd0a97d

Score
10/10
redlineinfostealer

Malware Config

Targets

    • Target

      9290fe75175367dd6330d504164fb597.exe

    • Size

      32KB

    • MD5

      9290fe75175367dd6330d504164fb597

    • SHA1

      d0ef05fc64c35901a6de03daf3a972e760e7876e

    • SHA256

      e58ef47a566a73ad01ce7a37c178d1fce2a3282882f814997aab487200cf8005

    • SHA512

      b92e1b267d9701a75d6680282c448170696680573a4e25e676747debc4fbd9af6209c9d7edf646a090442f800484b010f5bb2b96088db930c79590a19dd0a97d

    Score
    10/10
    redlineinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks