redline | ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
Size

765KB
Sample

210921-pak44scbbl
MD5

2be66ce2b5cfdfec51cdc633577f0cb4
SHA1

baf35c5c0fc89199e61010d2d52013c2d67cc6c6
SHA256

ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
SHA512

8e75844260c6b353feffb5b524e21f8373f6bdf3eefe1fdbb6e201fb8331de63be3256150118f340f9c6eba0b06c495e3e3589afb67a82743449fa28ecf7484a

Score

10^/10

redline 3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf.exe

Resource

win10-en-20210920

redline 3 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

116.203.27.211:4803

Targets

- Target
  
  ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
- Size
  
  765KB
- MD5
  
  2be66ce2b5cfdfec51cdc633577f0cb4
- SHA1
  
  baf35c5c0fc89199e61010d2d52013c2d67cc6c6
- SHA256
  
  ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
- SHA512
  
  8e75844260c6b353feffb5b524e21f8373f6bdf3eefe1fdbb6e201fb8331de63be3256150118f340f9c6eba0b06c495e3e3589afb67a82743449fa28ecf7484a
Score

10^/10

redline 3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy