redline | 16dad4519d9152ab6089dbf1f5987b1a1041921281e0b7ea023240e3a8614a59 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7_x64

Setup.exe

windows10_x64

Sharing

General

Target

Setup.rar
Size

984KB
Sample

211023-t1c9eacdc6
MD5

a594066602971fd490314deb88063efb
SHA1

0dd8615ee4371ccaa38de79660256f5071b17894
SHA256

16dad4519d9152ab6089dbf1f5987b1a1041921281e0b7ea023240e3a8614a59
SHA512

f3ea04655dccb0b10192b1c97421037514e9f41585548f38f99963f18d973831cdd5ea87f7b173b7a20bd36b43fef9fc61a927a2e83e75d569d1384b79d9445f

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-en-20211014

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10-en-20210920

redline discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  333.8MB
- MD5
  
  e1752b67d6336d141615d1842698ecfe
- SHA1
  
  216bf305f1cf34d7e5ffba36b280494b7b03cdf0
- SHA256
  
  cd1ae60f06cb76918ef4f3aecb47685214554d4301e975b6b396bf9e0cefe413
- SHA512
  
  9a41ab35393012c3f3b85e9d4d026b45f0d9c1cfa0700e79f0bc4dc93d28ae7e734fe07f991ec0de6fc44999e7c2f7abe054eea26d806f0fb72716be120d7530
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy