redline | f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b
Size

422KB
Sample

210810-9wkkk3cn2j
MD5

e75d99a56d470da144bd99ab10507e4b
SHA1

6ccfc64703dc3843602bb5cab0ef073e8f95ee03
SHA256

f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b
SHA512

67d7e4944ff3918fcea3c80180a650f28e24c1254f468d5f91899af546e2e188a688172c76e64667e1a047331d2339522355d792df9b0bb59726ff4ca9e40414

Score

10^/10

redline sewpalpadin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b.exe

Resource

win10v20210410

redline sewpalpadin discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Targets

- Target
  
  f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b
- Size
  
  422KB
- MD5
  
  e75d99a56d470da144bd99ab10507e4b
- SHA1
  
  6ccfc64703dc3843602bb5cab0ef073e8f95ee03
- SHA256
  
  f7f9972ccd76aadd84a675d8a7c12c14d9bdfb40fe23aa6614a666513e72315b
- SHA512
  
  67d7e4944ff3918fcea3c80180a650f28e24c1254f468d5f91899af546e2e188a688172c76e64667e1a047331d2339522355d792df9b0bb59726ff4ca9e40414
Score

10^/10

redline sewpalpadin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesewpalpadindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy