redline | 43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
Size

661KB
Sample

211015-rbp6kabgbn
MD5

bbd83b469f85327a9ef00e65c9bade61
SHA1

10b09017964422f706e5bff5b7c903590138d34f
SHA256

43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
SHA512

46440dab2d5a55b65a0510c593aaf6c98941fd69fab4561b24ac855b43e69431823d19b8815fc5729e5c3d697b8425aa4946703d400f046aa2e277b3d22e8454

Score

10^/10

redline mix15.10 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43.exe

Resource

win10-en-20210920

redline mix15.10 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix15.10

C2

185.215.113.15:57055

Targets

- Target
  
  43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
- Size
  
  661KB
- MD5
  
  bbd83b469f85327a9ef00e65c9bade61
- SHA1
  
  10b09017964422f706e5bff5b7c903590138d34f
- SHA256
  
  43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
- SHA512
  
  46440dab2d5a55b65a0510c593aaf6c98941fd69fab4561b24ac855b43e69431823d19b8815fc5729e5c3d697b8425aa4946703d400f046aa2e277b3d22e8454
Score

10^/10

redline mix15.10 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix15.10discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy