redline | c125a8f255cda6fd222596e9ab5e9b74c5e05f4d77723ca84a5c8497b87ab974 | Triage

Submit
Reports

Overview

overview

Static

static

3

Software_1...or.exe

windows11-21h2-x64

Sharing

General

Target

Software_1.30.1.zip
Size

21.9MB
Sample

240526-1ldd7adh93
MD5

a3649ea02a76e3f0d19199251f77eebb
SHA1

90d34f44cf6a230151290df54b283b04aef37599
SHA256

c125a8f255cda6fd222596e9ab5e9b74c5e05f4d77723ca84a5c8497b87ab974
SHA512

0e7f815aa2b1c8c2f0c45ee2017e89fd931113c4db2fe80745052da68340a254a7c004a0027425058d077045a2956f11c2a413bc2f713406ac0940a9418dd3bf
SSDEEP

393216:RdMbHh4LA9hXCQQfaUCFguObeJ2nadggLaRDu2iK+z0EPgSpMGJob2I4KIS+ec:0dthXCQAaUZFfaRLL2iK+z0EFMaq2I7a

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Software_1.30.1/injector.exe

Resource

win11-20240426-en

redline discovery infostealer spyware stealer

windows11-21h2-x64

10 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Software_1.30.1/injector.exe
- Size
  
  1.2MB
- MD5
  
  fcff049d54b0d16073547a031b4fe25a
- SHA1
  
  712cc8033203365ce06b1b2bc7c408d761b1528e
- SHA256
  
  a464a93a1fdcd72ad1233dfd3325883fd96059fc956d276a1b94beef98cda0ca
- SHA512
  
  66568449eadea1d3450eb3c5a5803100575d61fad969def8e0e071a0a27b5748497b09766df1aba5035f3a9d6613e7abdfbb750c1dcbb992d52b27dc0c50522a
- SSDEEP
  
  24576:t3limtrGsJkYYfvmpEkF182cijhZiMg7mLXNBm9p+hZ:t3lAsJtYfvmpNLcChzzXNBm9U
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy