redline | e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1
Size

402KB
Sample

211125-z8dg2agggr
MD5

907101aced87a3d39067a95c4c238aab
SHA1

8a53ede494541b8273730cdd763572250295cd32
SHA256

e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1
SHA512

0ce5c58b8f6a188a7849ed98cfb320e1dcf88762f4f4d1e61a5987aa32a31208420b4f21d773f486e61593b87bf5e199f1169f89e5ec4fbc56c81500cd362ee3

Score

10^/10

redline pubdate discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1.exe

Resource

win10-en-20211104

redline pubdate discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Pubdate

C2

193.56.146.64:65441

Targets

- Target
  
  e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1
- Size
  
  402KB
- MD5
  
  907101aced87a3d39067a95c4c238aab
- SHA1
  
  8a53ede494541b8273730cdd763572250295cd32
- SHA256
  
  e162906e8dea9eaddf11facb2572ad99afe760fcb42d84fb586e5c71020fc5b1
- SHA512
  
  0ce5c58b8f6a188a7849ed98cfb320e1dcf88762f4f4d1e61a5987aa32a31208420b4f21d773f486e61593b87bf5e199f1169f89e5ec4fbc56c81500cd362ee3
Score

10^/10

redline pubdate discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepubdatediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy