redline | 8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a
Size

402KB
Sample

211125-2h1kzscch2
MD5

b635809fb0a1cf794429559aba6b9fed
SHA1

413c5c263dd07df563928b2c760b959c7b266a82
SHA256

8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a
SHA512

af3ff5d139b39e65a2d479e7401b086fedcbad96308a71ea188a31e9f12476d01f638f031b7d1448a2ed983780f3a74680a696af033fc585fc42faaa104f3f6a

Score

10^/10

redline updbdate discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a.exe

Resource

win10-en-20211104

redline updbdate discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Updbdate

C2

193.56.146.64:65441

Targets

- Target
  
  8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a
- Size
  
  402KB
- MD5
  
  b635809fb0a1cf794429559aba6b9fed
- SHA1
  
  413c5c263dd07df563928b2c760b959c7b266a82
- SHA256
  
  8f8f1ed7bc641b2a7cb1f28e765999ed247cc1c855537b87f5cf00358866487a
- SHA512
  
  af3ff5d139b39e65a2d479e7401b086fedcbad96308a71ea188a31e9f12476d01f638f031b7d1448a2ed983780f3a74680a696af033fc585fc42faaa104f3f6a
Score

10^/10

redline updbdate discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineupdbdatediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy