redline | d24b5d75e56e99a246697efda3cf47ff9f1b841aaabb06f987804c02e83f5e0a | Triage

Submit
Reports

Overview

overview

Static

static

a02438d946...86.exe

windows7_x64

a02438d946...86.exe

windows10_x64

Sharing

General

Target

a02438d946903f95bd9f706ad0776c86.exe
Size

72KB
Sample

211023-lpb8zaccc7
MD5

a02438d946903f95bd9f706ad0776c86
SHA1

d4b9470f0d24d94e3d327a456cb98fddd8fe61b4
SHA256

d24b5d75e56e99a246697efda3cf47ff9f1b841aaabb06f987804c02e83f5e0a
SHA512

b4301d4ea11f58bb8d6aae4326838ecbb558b485973e6d52553902a1d2a64217f69956a61470a7956513db904ffd2b1fc8ee55386cc02a4895e758d978ce52b4

Score

10^/10

redline discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a02438d946903f95bd9f706ad0776c86.exe

Resource

win7-en-20210920

redline discovery infostealer persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a02438d946903f95bd9f706ad0776c86.exe

Resource

win10-en-20211014

redline discovery infostealer persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a02438d946903f95bd9f706ad0776c86.exe
- Size
  
  72KB
- MD5
  
  a02438d946903f95bd9f706ad0776c86
- SHA1
  
  d4b9470f0d24d94e3d327a456cb98fddd8fe61b4
- SHA256
  
  d24b5d75e56e99a246697efda3cf47ff9f1b841aaabb06f987804c02e83f5e0a
- SHA512
  
  b4301d4ea11f58bb8d6aae4326838ecbb558b485973e6d52553902a1d2a64217f69956a61470a7956513db904ffd2b1fc8ee55386cc02a4895e758d978ce52b4
Score

10^/10

redline discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistencespywarestealer

behavioral2

redlinediscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy