redline | 6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
Size

365KB
Sample

211015-sd8alabgfk
MD5

cc2792f322404d7033f396be113718d3
SHA1

d5c885ef21504532945cb824dbb571d87f385ccf
SHA256

6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
SHA512

0bef035a20010af9e4fa9b84d502d3ee3940d781d9307a78ab8cf002b9e179cf4ad2c01786bcfa387c28206e6c2c9664f2d7b3805ba80b9c2f2460a29b02f861

Score

10^/10

redline udp discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44.exe

Resource

win10-en-20210920

redline udp discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Targets

- Target
  
  6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
- Size
  
  365KB
- MD5
  
  cc2792f322404d7033f396be113718d3
- SHA1
  
  d5c885ef21504532945cb824dbb571d87f385ccf
- SHA256
  
  6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
- SHA512
  
  0bef035a20010af9e4fa9b84d502d3ee3940d781d9307a78ab8cf002b9e179cf4ad2c01786bcfa387c28206e6c2c9664f2d7b3805ba80b9c2f2460a29b02f861
Score

10^/10

redline udp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineudpdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy