redline | 57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
Size

390KB
Sample

211016-gredwsceem
MD5

72a14140d37552b63e74de5f1510255d
SHA1

9af685fe59c7b73ef7c53a706513d595ca13c51d
SHA256

57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
SHA512

495c95c953e704a9de50fb9f0d9218d43903a04c5c4094ae86c9a3ae16c40a2310409cf6eaf0d9b525421fc37ace0723b8112130ad2886680ff383369ce0b785

Score

10^/10

redline paladin discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da.exe

Resource

win10-en-20211014

redline paladin discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

paladin

C2

37.228.129.48:29795

Targets

- Target
  
  57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
- Size
  
  390KB
- MD5
  
  72a14140d37552b63e74de5f1510255d
- SHA1
  
  9af685fe59c7b73ef7c53a706513d595ca13c51d
- SHA256
  
  57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
- SHA512
  
  495c95c953e704a9de50fb9f0d9218d43903a04c5c4094ae86c9a3ae16c40a2310409cf6eaf0d9b525421fc37ace0723b8112130ad2886680ff383369ce0b785
Score

10^/10

redline paladin discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepaladindiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy