redline | e3ac84aeb4c0a6606a5e385327f371c36335954f27ec4151d616fbb73d466e37 | Triage

Submit
Reports

Overview

overview

Static

static

e00743a063...0c.exe

windows7_x64

e00743a063...0c.exe

windows10_x64

8

Resubmissions

17-03-2021 08:48

210317-xv9yl2r5hn 10

16-03-2021 19:29

210316-6pes49a322 8

Sharing

General

Target

e00743a06378fdc48df81c57ff27c80c.exe
Size

799KB
Sample

210317-xv9yl2r5hn
MD5

e00743a06378fdc48df81c57ff27c80c
SHA1

644eef3bb78b0e340b2f4977dc0c17b26889603b
SHA256

e3ac84aeb4c0a6606a5e385327f371c36335954f27ec4151d616fbb73d466e37
SHA512

4d573618672bd491916753363403dd401db21a287aa3f35c7264478bf237b3aed9e14f1da868709d10e034fa30222f3e47b6acd796df6aad08be31652a023e1f

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e00743a06378fdc48df81c57ff27c80c.exe

Resource

win7v20201028

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e00743a06378fdc48df81c57ff27c80c.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e00743a06378fdc48df81c57ff27c80c.exe
- Size
  
  799KB
- MD5
  
  e00743a06378fdc48df81c57ff27c80c
- SHA1
  
  644eef3bb78b0e340b2f4977dc0c17b26889603b
- SHA256
  
  e3ac84aeb4c0a6606a5e385327f371c36335954f27ec4151d616fbb73d466e37
- SHA512
  
  4d573618672bd491916753363403dd401db21a287aa3f35c7264478bf237b3aed9e14f1da868709d10e034fa30222f3e47b6acd796df6aad08be31652a023e1f
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy