redline | 0b3126faa1c9aefa49138147a91524c66e466f572dcac2e0121c53a187ccb076 | Triage

Submit
Reports

Overview

overview

Static

static

4589942958...4a.exe

windows7_x64

4589942958...4a.exe

windows10_x64

Sharing

General

Target

45899429584c6e771bfa9f9a9e37ca4a.exe
Size

555KB
Sample

210310-npaty7lkds
MD5

45899429584c6e771bfa9f9a9e37ca4a
SHA1

0b28d9977d2cb0e818c6206752cf9aec56bfac98
SHA256

0b3126faa1c9aefa49138147a91524c66e466f572dcac2e0121c53a187ccb076
SHA512

8159fabef442fa2c3f2c8efd19dd7eb704b90e5fdb6dfee62561bc755b8e4e7ef7db7c70a91297e9786548f7fa52424d26943a57d3f1566ce695f0473e419cc9

Score

10^/10

redline discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

45899429584c6e771bfa9f9a9e37ca4a.exe

Resource

win7v20201028

redline discovery infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45899429584c6e771bfa9f9a9e37ca4a.exe

Resource

win10v20201028

redline discovery infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  45899429584c6e771bfa9f9a9e37ca4a.exe
- Size
  
  555KB
- MD5
  
  45899429584c6e771bfa9f9a9e37ca4a
- SHA1
  
  0b28d9977d2cb0e818c6206752cf9aec56bfac98
- SHA256
  
  0b3126faa1c9aefa49138147a91524c66e466f572dcac2e0121c53a187ccb076
- SHA512
  
  8159fabef442fa2c3f2c8efd19dd7eb704b90e5fdb6dfee62561bc755b8e4e7ef7db7c70a91297e9786548f7fa52424d26943a57d3f1566ce695f0473e419cc9
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspyware

behavioral2

redlinediscoveryinfostealerspyware

© 2018-2024

Terms | Privacy