redline | 2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f
Size

664KB
Sample

211125-qhywlsfcfl
MD5

287c0c22d5f488c87a58dcab6963a41b
SHA1

1a80562c19b67c81cc256af2e676aa9977415bae
SHA256

2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f
SHA512

dc6b0d57053165703be7c02e9e35e1b51a5c464eac64443080e337f6a2e6e510ca75cdae6f025c6425836adc94ab55266d753d4d53f8789a6ac877eff9aa4504

Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f.exe

Resource

win10-en-20211104

redline 25.11 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

25.11

C2

185.215.113.17:7700

Targets

- Target
  
  2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f
- Size
  
  664KB
- MD5
  
  287c0c22d5f488c87a58dcab6963a41b
- SHA1
  
  1a80562c19b67c81cc256af2e676aa9977415bae
- SHA256
  
  2935131774dd8590ac80ea196a2643a04a855d0fb110c5bae1add8b5c28d853f
- SHA512
  
  dc6b0d57053165703be7c02e9e35e1b51a5c464eac64443080e337f6a2e6e510ca75cdae6f025c6425836adc94ab55266d753d4d53f8789a6ac877eff9aa4504
Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline25.11discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy