redline | 9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
Size

387KB
Sample

211015-rv76gsbag3
MD5

8bc8fafdc59a16368c086fe42dd5fe32
SHA1

2452b9925908520aacfc74d5761a9ef652d7d49f
SHA256

9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
SHA512

bb3d321e1bcd48084b4c7f17ccc8ee5313790bd093092adc067a9ccb70728ce33666604a4c72f3abe35ffd1910201970a61598feb825240f4d6de5a650deb1ce

Score

10^/10

redline paladin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d.exe

Resource

win10-en-20210920

redline paladin discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

37.228.129.48:29795

Targets

- Target
  
  9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
- Size
  
  387KB
- MD5
  
  8bc8fafdc59a16368c086fe42dd5fe32
- SHA1
  
  2452b9925908520aacfc74d5761a9ef652d7d49f
- SHA256
  
  9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
- SHA512
  
  bb3d321e1bcd48084b4c7f17ccc8ee5313790bd093092adc067a9ccb70728ce33666604a4c72f3abe35ffd1910201970a61598feb825240f4d6de5a650deb1ce
Score

10^/10

redline paladin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy