redline | 3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
Size

663KB
Sample

210914-16dwfsbdbq
MD5

fa622c0da3074c9f7e5835a56352bbd5
SHA1

fcc22b7caf053a3adc6bdfcb46afb0c164b5393b
SHA256

3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
SHA512

b257121b072973c3012005b4207c99083c959cfa0077330d0cf372251506df3b8069e0fe2b6eb931792d8b0454ae9aa00a8177aa73b7b2e2c4c0f8c9d47dfa8e

Score

10^/10

redline mix15.09 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7.exe

Resource

win10v20210408

redline mix15.09 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix15.09

C2

185.215.113.15:6043

Targets

- Target
  
  3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
- Size
  
  663KB
- MD5
  
  fa622c0da3074c9f7e5835a56352bbd5
- SHA1
  
  fcc22b7caf053a3adc6bdfcb46afb0c164b5393b
- SHA256
  
  3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
- SHA512
  
  b257121b072973c3012005b4207c99083c959cfa0077330d0cf372251506df3b8069e0fe2b6eb931792d8b0454ae9aa00a8177aa73b7b2e2c4c0f8c9d47dfa8e
Score

10^/10

redline mix15.09 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix15.09discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy