redline | 56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
Size

642KB
Sample

210831-l9xjwjdtc6
MD5

91aa29454b021cb7527a48ccdc63bd03
SHA1

1e7e5758d793cddba18e9da6bf720a8ade96674a
SHA256

56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
SHA512

3c7c16345ef6803b41622054d56d20c3f5d6569bac991a900f78ab94f57a8a9e1df771e32d594dffedf0ca102e85502021949b5092664886af4809cebc68697b

Score

10^/10

redline mix31.08 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79.exe

Resource

win10v20210408

redline mix31.08 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix31.08

C2

185.215.113.15:6043

Targets

- Target
  
  56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
- Size
  
  642KB
- MD5
  
  91aa29454b021cb7527a48ccdc63bd03
- SHA1
  
  1e7e5758d793cddba18e9da6bf720a8ade96674a
- SHA256
  
  56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
- SHA512
  
  3c7c16345ef6803b41622054d56d20c3f5d6569bac991a900f78ab94f57a8a9e1df771e32d594dffedf0ca102e85502021949b5092664886af4809cebc68697b
Score

10^/10

redline mix31.08 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix31.08discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy