redline | 1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc
Size

361KB
Sample

211108-z2fc2sabgk
MD5

60c1c744ea8ef33fecca02fc1ed86d87
SHA1

8c63cb28883d6816e13a4a1da3915233687fb33f
SHA256

1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc
SHA512

082e8176ab8648e3427f2fcbc6c472ea47091e14c9062214cc4f3a6b33336e18a8c2c5d48cda0be855b1f9e4d9c06ea90584ee5b8b6381b5cb01f474642b2ea0

Score

10^/10

redline 09.11 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc.exe

Resource

win10-en-20211014

redline 09.11 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

09.11

C2

185.215.113.17:7700

Targets

- Target
  
  1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc
- Size
  
  361KB
- MD5
  
  60c1c744ea8ef33fecca02fc1ed86d87
- SHA1
  
  8c63cb28883d6816e13a4a1da3915233687fb33f
- SHA256
  
  1e1daae3257119a71a5f017ca4986a933a961b226955b651fc91502ac391a5fc
- SHA512
  
  082e8176ab8648e3427f2fcbc6c472ea47091e14c9062214cc4f3a6b33336e18a8c2c5d48cda0be855b1f9e4d9c06ea90584ee5b8b6381b5cb01f474642b2ea0
Score

10^/10

redline 09.11 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline09.11discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy