redline | 268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8
Size

569KB
Sample

210915-jwftmaabd6
MD5

653c65c1f3a8157b7acfcd20fe9e09ec
SHA1

66096d7d0237d076a2067662cac8f2aea3d5b09b
SHA256

268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8
SHA512

d4be06c1754b4e2a7ea9e78e6109fc6de7e89b5773827eb055fb53752c42126c3373eee5edeeb51f0928b6cd29083b6eb62e435a5a39a7101b98528b95ecd15f

Score

10^/10

redline 15.09 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8.exe

Resource

win10-en

redline 15.09 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

15.09

C2

185.215.113.17:48236

Targets

- Target
  
  268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8
- Size
  
  569KB
- MD5
  
  653c65c1f3a8157b7acfcd20fe9e09ec
- SHA1
  
  66096d7d0237d076a2067662cac8f2aea3d5b09b
- SHA256
  
  268ee2c4d503639dc60e09cf6b385b2b57f6c0c2f52a77a792545637e744bfe8
- SHA512
  
  d4be06c1754b4e2a7ea9e78e6109fc6de7e89b5773827eb055fb53752c42126c3373eee5edeeb51f0928b6cd29083b6eb62e435a5a39a7101b98528b95ecd15f
Score

10^/10

redline 15.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline15.09discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy