redline | e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0
Size

337KB
Sample

211021-laxalaahdr
MD5

f006215860b9e1f104817ba0d9a03966
SHA1

4d6a6148df91b81cf1ceb527e130150b797ed0c6
SHA256

e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0
SHA512

6d2e37d8ee9d8cd3074566293f4af80947b0f08394b4721045007c85700a06d956d0ffb482d693379341a71967a2d964a4da2b0acc73b456e65925fb92ad1a3e

Score

10^/10

redline pub discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0.exe

Resource

win10-en-20211014

redline pub discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

PUB

C2

45.9.20.182:52236

Targets

- Target
  
  e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0
- Size
  
  337KB
- MD5
  
  f006215860b9e1f104817ba0d9a03966
- SHA1
  
  4d6a6148df91b81cf1ceb527e130150b797ed0c6
- SHA256
  
  e499e00cced127c79ded2a465ab62fd6390f5ec65226dc90058deb8671332bd0
- SHA512
  
  6d2e37d8ee9d8cd3074566293f4af80947b0f08394b4721045007c85700a06d956d0ffb482d693379341a71967a2d964a4da2b0acc73b456e65925fb92ad1a3e
Score

10^/10

redline pub discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepubdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy