redline | edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb | Triage

Resubmissions

02-04-2021 10:13

210402-qmk84q731a 5

01-04-2021 07:23

210401-qmxmygyems 10

Sharing

General

Target

QFSN0331PDF.exe
Size

519KB
Sample

210401-qmxmygyems
MD5

18377afa571a27e3d67024934eb425fc
SHA1

72e4b926dcf352558304f42fac331b2dda61049e
SHA256

edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb
SHA512

7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

mhuncho.duckdns.org:3214

Targets

- Target
  
  QFSN0331PDF.exe
- Size
  
  519KB
- MD5
  
  18377afa571a27e3d67024934eb425fc
- SHA1
  
  72e4b926dcf352558304f42fac331b2dda61049e
- SHA256
  
  edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb
- SHA512
  
  7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer