redline | ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293
Size

664KB
Sample

211125-h3v2fseecl
MD5

2f5ee406a38d611efe64d9cb230742b7
SHA1

b7af822f42610ba3976afed9638a091a02bbeae1
SHA256

ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293
SHA512

b5c07ffc347da2e3e22b703f0cb6d2ea12e10f7353f3de3786b9c164f29bcd71dc957178304f5f6f3f6c7412881a11b0be4b200c6bb0a5391ebed6a6250842c8

Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293.exe

Resource

win10-en-20211104

redline 25.11 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

25.11

C2

185.215.113.17:7700

Targets

- Target
  
  ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293
- Size
  
  664KB
- MD5
  
  2f5ee406a38d611efe64d9cb230742b7
- SHA1
  
  b7af822f42610ba3976afed9638a091a02bbeae1
- SHA256
  
  ea2eed94a0b7c9156659ac038b7a689786caec18722eaf7662f93a483e586293
- SHA512
  
  b5c07ffc347da2e3e22b703f0cb6d2ea12e10f7353f3de3786b9c164f29bcd71dc957178304f5f6f3f6c7412881a11b0be4b200c6bb0a5391ebed6a6250842c8
Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline25.11discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy