redline | 2d21d56c6e2bb7643be411747eabf7c9eaf5316a1520e3a84f1363c53075d87c | Triage

Submit
Reports

Overview

overview

Static

static

AMAZONORDE...DF.exe

windows7_x64

AMAZONORDE...DF.exe

windows10_x64

Sharing

General

Target

AMAZONORDER929293384PDF.exe
Size

918KB
Sample

211022-xd4pmacad6
MD5

4b822ff53f5ad740eeaba9e1bb26ad68
SHA1

d3e4912cce03f627ab8da804fc0151c7815f5eb4
SHA256

2d21d56c6e2bb7643be411747eabf7c9eaf5316a1520e3a84f1363c53075d87c
SHA512

3e4962fe88bac0a4e3d38656b90c5b5229f61b14278c6e9c335118fb1b30a953698187d41ff4624ee93ae39a62268b1c8476e83afc29b9264f430e11e18713d2

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

AMAZONORDER929293384PDF.exe

Resource

win7-en-20210920

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AMAZONORDER929293384PDF.exe

Resource

win10-en-20210920

redline discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  AMAZONORDER929293384PDF.exe
- Size
  
  918KB
- MD5
  
  4b822ff53f5ad740eeaba9e1bb26ad68
- SHA1
  
  d3e4912cce03f627ab8da804fc0151c7815f5eb4
- SHA256
  
  2d21d56c6e2bb7643be411747eabf7c9eaf5316a1520e3a84f1363c53075d87c
- SHA512
  
  3e4962fe88bac0a4e3d38656b90c5b5229f61b14278c6e9c335118fb1b30a953698187d41ff4624ee93ae39a62268b1c8476e83afc29b9264f430e11e18713d2
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy