redline | a6d3f74228ee18a19579010cd5fe3cc98f2c53dc43452325ba57a69f1253d7a5 | Triage

Submit
Reports

Overview

overview

Static

static

f9e77a59-1...71.exe

windows7_x64

f9e77a59-1...71.exe

windows10_x64

Sharing

General

Target

f9e77a59-1780-4a28-a917-74dde5270371
Size

723KB
Sample

210727-wb7pv7jmws
MD5

5c7a96e9e751658f051daa79ac1e4cf0
SHA1

786f93d12910979c125ae6de7335d1aa80b5ed3e
SHA256

a6d3f74228ee18a19579010cd5fe3cc98f2c53dc43452325ba57a69f1253d7a5
SHA512

e624b68903efab2b7cd287b8c48e8afb08399770d0533238de2d0e17944dde9d8587041de81499b8c8b737bdbfb9e87f06539cdfff5c0d8da2713916512e0de9

Score

10^/10

redline discovery evasion infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f9e77a59-1780-4a28-a917-74dde5270371.exe

Resource

win7v20210410

redline discovery evasion infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f9e77a59-1780-4a28-a917-74dde5270371.exe

Resource

win10v20210408

redline discovery evasion infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

stanntinab.xyz:80

Targets

- Target
  
  f9e77a59-1780-4a28-a917-74dde5270371
- Size
  
  723KB
- MD5
  
  5c7a96e9e751658f051daa79ac1e4cf0
- SHA1
  
  786f93d12910979c125ae6de7335d1aa80b5ed3e
- SHA256
  
  a6d3f74228ee18a19579010cd5fe3cc98f2c53dc43452325ba57a69f1253d7a5
- SHA512
  
  e624b68903efab2b7cd287b8c48e8afb08399770d0533238de2d0e17944dde9d8587041de81499b8c8b737bdbfb9e87f06539cdfff5c0d8da2713916512e0de9
Score

10^/10

redline discovery evasion infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryevasioninfostealerspywarestealer

behavioral2

redlinediscoveryevasioninfostealerspywarestealer

© 2018-2024

Terms | Privacy