redline | a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e
Size

76KB
Sample

211030-kdmd5aeff9
MD5

0bd9ddde07455acc3e62f1dbbbdeea64
SHA1

5ce810c7bbbff3360d3e4b6c63a7ddc83b91aeb1
SHA256

a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e
SHA512

c8328b2b712aeb1630161d01cf1d4d84b23b895d350839e8a091f71b254f6775d70101e9ff7c4f6a10b12c856b6a59d9138fd7249d1322d6c9ced92cf55adf2d

Score

10^/10

redline d2 build2 microsoft evasion infostealer phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e.exe

Resource

win10-en-20210920

redline d2 build2 microsoft evasion infostealer phishing trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

D2 BUILD2

C2

212.193.30.193:33833

Targets

- Target
  
  a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e
- Size
  
  76KB
- MD5
  
  0bd9ddde07455acc3e62f1dbbbdeea64
- SHA1
  
  5ce810c7bbbff3360d3e4b6c63a7ddc83b91aeb1
- SHA256
  
  a28665934ac932f780cd3c0d84cf0f94de8cf9abfb6864c0a842764be504858e
- SHA512
  
  c8328b2b712aeb1630161d01cf1d4d84b23b895d350839e8a091f71b254f6775d70101e9ff7c4f6a10b12c856b6a59d9138fd7249d1322d6c9ced92cf55adf2d
Score

10^/10

redline d2 build2 microsoft evasion infostealer phishing trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Disabling Security Tools

Modify Registry

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlined2 build2microsoftevasioninfostealerphishingtrojan

© 2018-2024

Terms | Privacy