redline | 85cf07ffef4036753485ca697ce6658807e3ef5042db022288465aef9f48093d | Triage

Submit
Reports

Overview

overview

Static

static

7c4b6284ce...62.exe

windows7_x64

7c4b6284ce...62.exe

windows10-2004_x64

Sharing

General

Target

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
Size

243KB
Sample

220212-zjxjlsdbd7
MD5

b116d24a05a799c1f771f374c6a4503d
SHA1

48de1ed6fd833e44a6a44ff3e3c8f0e55a355ec5
SHA256

85cf07ffef4036753485ca697ce6658807e3ef5042db022288465aef9f48093d
SHA512

98d6aa276f34926503bbebc5eb64b2770fcc2461dde51642e0489c575faa1f41c60ebbf71cb839aeb82114f8bcb45923e943a4a18bab2bf49d03e086627a22dc

Score

10^/10

redline noname discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262.exe

Resource

win7-en-20211208

redline noname discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262.exe

Resource

win10v2004-en-20220113

discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
- Size
  
  375KB
- MD5
  
  2ff15018669b2651fc34f6c0627fc9c4
- SHA1
  
  87b4287c12773e252f1b5d812524a43f6a7aaead
- SHA256
  
  7c4b6284ce13dad5931046c817c49efd132ac3ffd452bf22b221d434d8ae1262
- SHA512
  
  a1fcdeb3a14a39ba58568a8d74395405d60b8df3571638e7a34f28edc7f64b5a54007716ed16cd942d84fe3d01bb4cf44165b03ebdbccf90f7e9f592e7329c77
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy