redline | ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198
Size

369KB
Sample

211015-2fr6tscdap
MD5

39c0f5636dd0ac2bdf1cc2fa7c20acd2
SHA1

97ff73eda0c48530463d02623edbe1517be5982b
SHA256

ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198
SHA512

5a255bf6073e1994abcef770d965d4058c2856167e35e63bd0639297f133d63ab4cba6147688c8d7962d4ac19858260a864949db966b7186df72b16d70ab6e30

Score

10^/10

redline uts discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198.exe

Resource

win10-en-20211014

redline uts discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.182:52236

Targets

- Target
  
  ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198
- Size
  
  369KB
- MD5
  
  39c0f5636dd0ac2bdf1cc2fa7c20acd2
- SHA1
  
  97ff73eda0c48530463d02623edbe1517be5982b
- SHA256
  
  ef1bb3e18558e26d550ce853776d3e64c491abc15037ff73b60d95fd74a00198
- SHA512
  
  5a255bf6073e1994abcef770d965d4058c2856167e35e63bd0639297f133d63ab4cba6147688c8d7962d4ac19858260a864949db966b7186df72b16d70ab6e30
Score

10^/10

redline uts discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineutsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy