redline | f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623
Size

243KB
Sample

210926-r7qrzaehdn
MD5

d2aab101152e38f070c47e667232d6a3
SHA1

2b57ece616241610c71c1a2d74ce1e41990ef822
SHA256

f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623
SHA512

4a7e3204f4c6ae31db5621d289a9a8129a332f88b5cff823b46ee74191c8d0b1d0a176ce83ebc86fb523553e755b06d3feb328f1d03150b4e402ce9eb1f37408

Score

10^/10

redline pub discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623.exe

Resource

win10v20210408

redline pub discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.20:13441

Targets

- Target
  
  f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623
- Size
  
  243KB
- MD5
  
  d2aab101152e38f070c47e667232d6a3
- SHA1
  
  2b57ece616241610c71c1a2d74ce1e41990ef822
- SHA256
  
  f2daa6612e2b856c0ae3a5dda95b63a94c41c0e2cda30539249d42c59c235623
- SHA512
  
  4a7e3204f4c6ae31db5621d289a9a8129a332f88b5cff823b46ee74191c8d0b1d0a176ce83ebc86fb523553e755b06d3feb328f1d03150b4e402ce9eb1f37408
Score

10^/10

redline pub discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepubdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy