redline | 1dc057c9c8e23f10e6cb6cd957a412a06c78d24dbdeb93d6d4ac83b5d0c835e1 | Triage

Submit
Reports

Overview

overview

Static

static

715ff963e7...f6.exe

windows7_x64

715ff963e7...f6.exe

windows10_x64

Sharing

General

Target

715ff963e75986124591e17cd8c6f6f6.exe
Size

165KB
Sample

210418-1cbyzeq612
MD5

715ff963e75986124591e17cd8c6f6f6
SHA1

67bec13f335787778e5b60dc339b50a1aad5ce67
SHA256

1dc057c9c8e23f10e6cb6cd957a412a06c78d24dbdeb93d6d4ac83b5d0c835e1
SHA512

ef6ce6546e66bdb5479bc3f0f45ea5177ab0eb217bceea2cab6e17fcc193ade3c19edc6c067441fa8169042bd23b7fa69fd7cc99dac4d4e61ff19e28ede0f924

Score

10^/10

redline discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

715ff963e75986124591e17cd8c6f6f6.exe

Resource

win7v20210410

redline discovery evasion infostealer persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

715ff963e75986124591e17cd8c6f6f6.exe

Resource

win10v20210410

redline discovery evasion infostealer persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  715ff963e75986124591e17cd8c6f6f6.exe
- Size
  
  165KB
- MD5
  
  715ff963e75986124591e17cd8c6f6f6
- SHA1
  
  67bec13f335787778e5b60dc339b50a1aad5ce67
- SHA256
  
  1dc057c9c8e23f10e6cb6cd957a412a06c78d24dbdeb93d6d4ac83b5d0c835e1
- SHA512
  
  ef6ce6546e66bdb5479bc3f0f45ea5177ab0eb217bceea2cab6e17fcc193ade3c19edc6c067441fa8169042bd23b7fa69fd7cc99dac4d4e61ff19e28ede0f924
Score

10^/10

redline discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlinediscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy