redline | b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d
Size

654KB
Sample

211022-dr6xcsbaf9
MD5

1f8bd87d16b7c037fc45331eaa736156
SHA1

e61670f159479d7b4b7480c6a5fe7bd2c1c631bb
SHA256

b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d
SHA512

f3bfc7c1606495967e624a48f4ba87962d91e83a31f931f5c222fe74c988f7380d99c83bef31221b3a78825175d031c7139d13f96cbbcf6573aed71cfcfd717e

Score

10^/10

redline 22.10 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d.exe

Resource

win10-en-20210920

redline 22.10 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

22.10

C2

185.215.113.17:7700

Targets

- Target
  
  b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d
- Size
  
  654KB
- MD5
  
  1f8bd87d16b7c037fc45331eaa736156
- SHA1
  
  e61670f159479d7b4b7480c6a5fe7bd2c1c631bb
- SHA256
  
  b91f8fa5b1d448009be042a2f3e9b80cf2d7052a4f6dda414af3f2379fe4f57d
- SHA512
  
  f3bfc7c1606495967e624a48f4ba87962d91e83a31f931f5c222fe74c988f7380d99c83bef31221b3a78825175d031c7139d13f96cbbcf6573aed71cfcfd717e
Score

10^/10

redline 22.10 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline22.10discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy