redline | c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771 | Triage

Submit
Reports

Overview

overview

Static

static

8

c41c4f0e05...71.exe

windows10_x64

Sharing

General

Target

c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771
Size

173KB
Sample

211006-ga9tgaaeg6
MD5

a15cfab138e8757a1f15de1bb54f304b
SHA1

3e4b076de410be96d02076b927f47be45c3968e7
SHA256

c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771
SHA512

6199040c478bed5bb8f844d27bcb6b64386c0648cf25886b53e771c868ba9bb8d92fcc30d9831761e3af90aacc9ac67118ba1b3d47dd30ebb70fa9e1588c8670

Score

10^/10

redline coreentity evasion infostealer persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771.exe

Resource

win10v20210408

redline coreentity evasion infostealer persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771
- Size
  
  173KB
- MD5
  
  a15cfab138e8757a1f15de1bb54f304b
- SHA1
  
  3e4b076de410be96d02076b927f47be45c3968e7
- SHA256
  
  c41c4f0e050c1985f10c47f82b1104b49c13f17a9da8feebaf2b444c01c30771
- SHA512
  
  6199040c478bed5bb8f844d27bcb6b64386c0648cf25886b53e771c868ba9bb8d92fcc30d9831761e3af90aacc9ac67118ba1b3d47dd30ebb70fa9e1588c8670
Score

10^/10

redline coreentity evasion infostealer persistence trojan upx
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecoreentityevasioninfostealerpersistencetrojanupx

© 2018-2024

Terms | Privacy