redline | 729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c
Size

336KB
Sample

211020-2zlhdshfe6
MD5

4d38c65df45de075610755d4d9c17fd1
SHA1

ddbcd0e0c23fc7a2d5328f604219c01aa7d75acb
SHA256

729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c
SHA512

825107792deea0fae2820b73425948a7828c2742dde848270aa6221375fc91d13c9c59f604d208ae31a1883adfcfa224b484487ac1ad74beb084daf2a3258b8f

Score

10^/10

redline udp discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c.exe

Resource

win10-en-20210920

redline udp discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Targets

- Target
  
  729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c
- Size
  
  336KB
- MD5
  
  4d38c65df45de075610755d4d9c17fd1
- SHA1
  
  ddbcd0e0c23fc7a2d5328f604219c01aa7d75acb
- SHA256
  
  729084f6d88be2d16943d11cf0fcd770b317fecc6af0631a631d40856cb7977c
- SHA512
  
  825107792deea0fae2820b73425948a7828c2742dde848270aa6221375fc91d13c9c59f604d208ae31a1883adfcfa224b484487ac1ad74beb084daf2a3258b8f
Score

10^/10

redline udp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineudpdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy