redline | 9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
Size

414KB
Sample

211020-z1h3jshfb3
MD5

e60b0a87a3c1b9aa776e27eb514df964
SHA1

2bab7e70e32d50a870e327ef1ea004a568b5acd2
SHA256

9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
SHA512

2ec32d69e9036b89a8eba6de01e8596f46e70be388fa5bd366af3a376fe791050085f08868ff3a0a2fd662e81bf9267443d833a0441462d2a76a661284e36257

Score

10^/10

redline udp discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d.exe

Resource

win10-en-20211014

redline udp discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Targets

- Target
  
  9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
- Size
  
  414KB
- MD5
  
  e60b0a87a3c1b9aa776e27eb514df964
- SHA1
  
  2bab7e70e32d50a870e327ef1ea004a568b5acd2
- SHA256
  
  9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
- SHA512
  
  2ec32d69e9036b89a8eba6de01e8596f46e70be388fa5bd366af3a376fe791050085f08868ff3a0a2fd662e81bf9267443d833a0441462d2a76a661284e36257
Score

10^/10

redline udp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineudpdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy