redline | 2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599
Size

302KB
Sample

210926-rgs5eaehg2
MD5

2defd418861380daa41c941ef7135fc9
SHA1

13e26b6777b240d9043807de1459d77665cdd07a
SHA256

2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599
SHA512

314b23c63e7824331e2567dcc7508ee357fc64d42a9ab4c2e442e9aa0b75d1f439c683f7e7011e29c2fd2e0df24df8a67fd48b4cd79478ea720b859f80843865

Score

10^/10

redline pub discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599.exe

Resource

win10v20210408

redline pub discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.20:13441

Targets

- Target
  
  2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599
- Size
  
  302KB
- MD5
  
  2defd418861380daa41c941ef7135fc9
- SHA1
  
  13e26b6777b240d9043807de1459d77665cdd07a
- SHA256
  
  2ac1941605eefa531a21f48bcc8e9c0f24e06e71dbacb6fdf293cfde5ed32599
- SHA512
  
  314b23c63e7824331e2567dcc7508ee357fc64d42a9ab4c2e442e9aa0b75d1f439c683f7e7011e29c2fd2e0df24df8a67fd48b4cd79478ea720b859f80843865
Score

10^/10

redline pub discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepubdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy