redline | 6c82ad6d2ac4bc7ca366d3a79bdaf96256352205ad6d645fe31ee98a1dfb1a8b | Triage

Submit
Reports

Overview

overview

Static

static

7047d8264a...97.exe

windows7_x64

7047d8264a...97.exe

windows10_x64

Sharing

General

Target

7047d8264ad838ace204f5f7bea52997.exe
Size

638KB
Sample

210309-b1xjfnndye
MD5

7047d8264ad838ace204f5f7bea52997
SHA1

8e9d01a01df42efb5f3e62c8dda214e85cb0b91d
SHA256

6c82ad6d2ac4bc7ca366d3a79bdaf96256352205ad6d645fe31ee98a1dfb1a8b
SHA512

4a2198d82f2ad61a2ff61a225fb1cd1edb8bb70ec5dd2df0f7666e56b69e8dfed7fbb8b27c9fa8f2e9d4f07268a7cd57cf66d32bd1ca031f0f1e6ad915171069

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

7047d8264ad838ace204f5f7bea52997.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7047d8264ad838ace204f5f7bea52997.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7047d8264ad838ace204f5f7bea52997.exe
- Size
  
  638KB
- MD5
  
  7047d8264ad838ace204f5f7bea52997
- SHA1
  
  8e9d01a01df42efb5f3e62c8dda214e85cb0b91d
- SHA256
  
  6c82ad6d2ac4bc7ca366d3a79bdaf96256352205ad6d645fe31ee98a1dfb1a8b
- SHA512
  
  4a2198d82f2ad61a2ff61a225fb1cd1edb8bb70ec5dd2df0f7666e56b69e8dfed7fbb8b27c9fa8f2e9d4f07268a7cd57cf66d32bd1ca031f0f1e6ad915171069
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy