redline | 7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b
Size

239KB
Sample

210926-zf9d1afccr
MD5

6967b51a90147084c4df795e53aafc04
SHA1

a0d12be383a73169a76e77964e9b1d34c8261127
SHA256

7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b
SHA512

115a16dea8d8f4a125c33a6413c804d5bc977b8263798b7d625f615124fad7205f2a816405eb7d81f297a5487f158445abdd94fe37e00f40c2da0da312854796

Score

10^/10

redline uts discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b.exe

Resource

win10-en-20210920

redline uts discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

- Target
  
  7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b
- Size
  
  239KB
- MD5
  
  6967b51a90147084c4df795e53aafc04
- SHA1
  
  a0d12be383a73169a76e77964e9b1d34c8261127
- SHA256
  
  7949b7e6df41eb41b0ad2625100556dbb4be7f28221d84410b339db12ec7d41b
- SHA512
  
  115a16dea8d8f4a125c33a6413c804d5bc977b8263798b7d625f615124fad7205f2a816405eb7d81f297a5487f158445abdd94fe37e00f40c2da0da312854796
Score

10^/10

redline uts discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineutsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy