redline | 71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57
Size

366KB
Sample

211015-r3lbpabgdp
MD5

99a3e3cd7d4051a824bddb3a82155ef7
SHA1

f41d8ecc1a0d19f34f615600e7f153b67bd019dc
SHA256

71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57
SHA512

4b14da01d79a489cc46601e9d2ca5755145712caa3d085e7e91d744ebb9f3feb32ce23ec015684c65a17d0cd9353e5164969a57da570624c41e54d692ba0a4f0

Score

10^/10

redline uts discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57.exe

Resource

win10-en-20210920

redline uts discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.182:52236

Targets

- Target
  
  71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57
- Size
  
  366KB
- MD5
  
  99a3e3cd7d4051a824bddb3a82155ef7
- SHA1
  
  f41d8ecc1a0d19f34f615600e7f153b67bd019dc
- SHA256
  
  71218208d84b115ed655f61612567817b254c697831b1f817719c86c9ad6eb57
- SHA512
  
  4b14da01d79a489cc46601e9d2ca5755145712caa3d085e7e91d744ebb9f3feb32ce23ec015684c65a17d0cd9353e5164969a57da570624c41e54d692ba0a4f0
Score

10^/10

redline uts discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineutsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy