redline | 896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888
Size

530KB
Sample

240915-pd59fstfpk
MD5

338e222dbbbe3d87219fc2ba4e6936da
SHA1

8cdeeeddfdb6cbc693114487d0356779074b8d9f
SHA256

896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888
SHA512

cff8cfb9e74079c06da5faf57cffca23cf9b3d1fe54f84da0049f72654d355e3df6dfb7485495c8878b78624447e3c87608246892b803838be23540aafe7a36f
SSDEEP

12288:Dh1Lk70Tnvjce2Pn9TUvUtsDtsK6UjAvGa6CiFgPj5sv:fk70Trce2P9TUctsDtsK6sAvGa6CPPjm

Score

10^/10

redline credential_access discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888.exe

Resource

win10v2004-20240802-en

redline credential_access discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888.exe

Resource

win11-20240802-en

redline credential_access discovery infostealer spyware stealer

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888
- Size
  
  530KB
- MD5
  
  338e222dbbbe3d87219fc2ba4e6936da
- SHA1
  
  8cdeeeddfdb6cbc693114487d0356779074b8d9f
- SHA256
  
  896111ef81521a75cc97efe4f36865ab3c0e7291b1d48b5f349e656abe8ff888
- SHA512
  
  cff8cfb9e74079c06da5faf57cffca23cf9b3d1fe54f84da0049f72654d355e3df6dfb7485495c8878b78624447e3c87608246892b803838be23540aafe7a36f
- SSDEEP
  
  12288:Dh1Lk70Tnvjce2Pn9TUvUtsDtsK6UjAvGa6CiFgPj5sv:fk70Trce2P9TUctsDtsK6sAvGa6CPPjm
Score

10^/10

redline credential_access discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecredential_accessdiscoveryinfostealerspywarestealer

behavioral2

redlinecredential_accessdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy