redline | 71ad6ec7266b2e4340a7e02d0fc40fad544f618b97feaf012647850989637ef5 | Triage

Submit
Reports

Overview

overview

Static

static

7c4b6284ce...62.exe

windows7_x64

7c4b6284ce...62.exe

windows10-2004_x64

Sharing

General

Target

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
Size

243KB
Sample

220211-t41twache9
MD5

9869a9ac3132242ec0023920af58097f
SHA1

2ad146b203c6e3aa1ac5725df80d30dc3936b4e6
SHA256

71ad6ec7266b2e4340a7e02d0fc40fad544f618b97feaf012647850989637ef5
SHA512

75a0531b8e0f31a2cf889c300652381054e64a2af19185b03fbac9909d9dcaff7622fd07d3989a3fbdab5f6b2a5197ac3090c607b8315ddf534ff69f954612c3

Score

10^/10

redline noname discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262.exe

Resource

win7-en-20211208

redline noname discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262.exe

Resource

win10v2004-en-20220112

discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
- Size
  
  375KB
- MD5
  
  2ff15018669b2651fc34f6c0627fc9c4
- SHA1
  
  87b4287c12773e252f1b5d812524a43f6a7aaead
- SHA256
  
  7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
- SHA512
  
  a1fcdeb3a14a39ba58568a8d74395405d60b8df3571638e7a34f28edc7f64b5a54007716ed16cd942d84fe3d01bb4cf44165b03ebdbccf90f7e9f592e7329c77
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy