redline | c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55
Size

550KB
Sample

210915-t1ykcabab6
MD5

37ed0859619a785dfd8c72b8737733f7
SHA1

2a6aab59b8fd1c21c62f2d4ace77b8469273b062
SHA256

c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55
SHA512

b41614dc9cea21f423e724462e184b9ad776f308d06fb9cd9bd8c4322517d7e343c1222bb9c58d5ba5d276f9fc7c63294ff0d5d30dbb3d6b4ad45a4988b1f87d

Score

10^/10

redline mix15.09 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55.exe

Resource

win10v20210408

redline mix15.09 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix15.09

C2

185.215.113.15:6043

Targets

- Target
  
  c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55
- Size
  
  550KB
- MD5
  
  37ed0859619a785dfd8c72b8737733f7
- SHA1
  
  2a6aab59b8fd1c21c62f2d4ace77b8469273b062
- SHA256
  
  c60658df5597c8393775e83019a75f72d16144a4a9a22089dbcedca421d00d55
- SHA512
  
  b41614dc9cea21f423e724462e184b9ad776f308d06fb9cd9bd8c4322517d7e343c1222bb9c58d5ba5d276f9fc7c63294ff0d5d30dbb3d6b4ad45a4988b1f87d
Score

10^/10

redline mix15.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix15.09discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy