redline | 1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20 | Triage

Submit
Reports

Overview

overview

Static

static

310fd2e6a2...88.exe

windows7_x64

310fd2e6a2...88.exe

windows10_x64

Sharing

General

Target

310fd2e6a2056c7983afd48b75b5ca88.exe
Size

995KB
Sample

210310-3qj7r5ggw2
MD5

310fd2e6a2056c7983afd48b75b5ca88
SHA1

ddfeb5cbe8b9ae528629fe5e8afea7a7ea8fe570
SHA256

1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20
SHA512

e60b86a1f38d7062bf1f766bc905abd7605803dc380b077f643d5b3b9c7a5c6710e2d777d2d05a7c3b756da8d87850653f2ef6d236e599287bd316b0039a51fe

Score

10^/10

redline agilenet discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

310fd2e6a2056c7983afd48b75b5ca88.exe

Resource

win7v20201028

redline agilenet discovery infostealer persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

310fd2e6a2056c7983afd48b75b5ca88.exe

Resource

win10v20201028

redline agilenet discovery infostealer persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  310fd2e6a2056c7983afd48b75b5ca88.exe
- Size
  
  995KB
- MD5
  
  310fd2e6a2056c7983afd48b75b5ca88
- SHA1
  
  ddfeb5cbe8b9ae528629fe5e8afea7a7ea8fe570
- SHA256
  
  1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20
- SHA512
  
  e60b86a1f38d7062bf1f766bc905abd7605803dc380b077f643d5b3b9c7a5c6710e2d777d2d05a7c3b756da8d87850653f2ef6d236e599287bd316b0039a51fe
Score

10^/10

redline agilenet discovery infostealer persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineagilenetdiscoveryinfostealerpersistencespywarestealer

behavioral2

redlineagilenetdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy