redline | fc1c966dd0ac73c1e2aae4287b1480ba9d27d01accc069a9a69d2a4fc9f1a6a9 | Triage

Sharing

General

Target

965212c139d8c474ed69ff3c33b88be4.exe
Size

521KB
Sample

210319-fglt61nbex
MD5

965212c139d8c474ed69ff3c33b88be4
SHA1

cce8ddf99da03113f80cd0e3e1368186468d904d
SHA256

fc1c966dd0ac73c1e2aae4287b1480ba9d27d01accc069a9a69d2a4fc9f1a6a9
SHA512

f9f37bbbacffcd4eed9ac7d4a66c9d5d0f0b0c85ec93e03712e1d238ace52f718beec08a5fc921b6a2d6d4084d1a4280258c188c514a6e0548ebde81afe9fd12

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Targets

- Target
  
  965212c139d8c474ed69ff3c33b88be4.exe
- Size
  
  521KB
- MD5
  
  965212c139d8c474ed69ff3c33b88be4
- SHA1
  
  cce8ddf99da03113f80cd0e3e1368186468d904d
- SHA256
  
  fc1c966dd0ac73c1e2aae4287b1480ba9d27d01accc069a9a69d2a4fc9f1a6a9
- SHA512
  
  f9f37bbbacffcd4eed9ac7d4a66c9d5d0f0b0c85ec93e03712e1d238ace52f718beec08a5fc921b6a2d6d4084d1a4280258c188c514a6e0548ebde81afe9fd12
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer