redline | 8378458c45be220207b12b7dbeeee4fcd9a4c4f51973d828834b418ded6e781f | Triage

Submit
Reports

Overview

overview

Static

static

qZ0RXW.exe

windows7_x64

qZ0RXW.exe

windows10_x64

Sharing

General

Target

qZ0RXW.exe
Size

912KB
Sample

210312-7bwh3xg866
MD5

8c03063314b0aa3d6a7d26c1f6db60b4
SHA1

6955952347314e7e19895778af232b14a15c736d
SHA256

8378458c45be220207b12b7dbeeee4fcd9a4c4f51973d828834b418ded6e781f
SHA512

d55407a63928afa38612e58fef7253452cc799f8659c4a78e93ba94b2d07feb7a2e47e1294b79879b440fe5bc8ad0d8c7563a6d4e1a0e2d31aa9424c009f9839

Score

10^/10

redline infostealer

Static task

static1

Behavioral task

behavioral1

Sample

qZ0RXW.exe

Resource

win7v20201028

redline infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

qZ0RXW.exe

Resource

win10v20201028

redline infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  qZ0RXW.exe
- Size
  
  912KB
- MD5
  
  8c03063314b0aa3d6a7d26c1f6db60b4
- SHA1
  
  6955952347314e7e19895778af232b14a15c736d
- SHA256
  
  8378458c45be220207b12b7dbeeee4fcd9a4c4f51973d828834b418ded6e781f
- SHA512
  
  d55407a63928afa38612e58fef7253452cc799f8659c4a78e93ba94b2d07feb7a2e47e1294b79879b440fe5bc8ad0d8c7563a6d4e1a0e2d31aa9424c009f9839
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy