redline | 029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a
Size

658KB
Sample

211019-lrcbrafed2
MD5

667b804d1e6b2696ab68f5507588d7b0
SHA1

bb6f3e942add912e5004c4baebac6912b9000cdb
SHA256

029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a
SHA512

722d0d43cab98bfa408283036880e4a77d78acc038aac0ba8f7a53765c4120c3101c970febd25bf9dd0764f4478e7b6ec624a0ff286fe81d60f4f91724671b7a

Score

10^/10

redline mix19.10 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a.exe

Resource

win10-en-20210920

redline mix19.10 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix19.10

C2

185.215.113.15:57055

Targets

- Target
  
  029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a
- Size
  
  658KB
- MD5
  
  667b804d1e6b2696ab68f5507588d7b0
- SHA1
  
  bb6f3e942add912e5004c4baebac6912b9000cdb
- SHA256
  
  029b7bbaee0e5674d1d7ce7b9946403b1766e5222d421ba75d766e6d254a1b5a
- SHA512
  
  722d0d43cab98bfa408283036880e4a77d78acc038aac0ba8f7a53765c4120c3101c970febd25bf9dd0764f4478e7b6ec624a0ff286fe81d60f4f91724671b7a
Score

10^/10

redline mix19.10 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemix19.10discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy