redline | 5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e
Size

382KB
Sample

210727-yye17kzprx
MD5

591bf4ed6e8c6c49e03aff692357e776
SHA1

8ac5a67cacaa0bb4bad348b3848a0ae531eb521c
SHA256

5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e
SHA512

bdf11891f77938a62227775566cdfaa903b96760df412353e44076075d9573d3166032b4bd0b2f60019ff009721376d111006f52c0e802622c762a676ed426d7

Score

10^/10

redline sewpalpadin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e.exe

Resource

win10v20210408

redline sewpalpadin discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Targets

- Target
  
  5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e
- Size
  
  382KB
- MD5
  
  591bf4ed6e8c6c49e03aff692357e776
- SHA1
  
  8ac5a67cacaa0bb4bad348b3848a0ae531eb521c
- SHA256
  
  5ef5b9af1641fc0d05431531ed2a6ef2f66732392a4883f135a37e3097ace19e
- SHA512
  
  bdf11891f77938a62227775566cdfaa903b96760df412353e44076075d9573d3166032b4bd0b2f60019ff009721376d111006f52c0e802622c762a676ed426d7
Score

10^/10

redline sewpalpadin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesewpalpadindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy