redline | 14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
Size

402KB
Sample

211125-zpekzsgfhk
MD5

b0e936df895d808ad6e94656df0cc9c0
SHA1

cdac1b82ed81230280d816ccb5c4bf045a98711e
SHA256

14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
SHA512

2cc95676b4d30c12b1fd6ee11805a4df5e170dfe264dbc328bed0c39243b734d765ea94d210c5e00d43ae509b60197ed454a0f3456ed3d5df8e33e389ad7b5d4

Score

10^/10

redline updbdate discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b.exe

Resource

win10-en-20211104

redline updbdate discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Updbdate

C2

193.56.146.64:65441

Targets

- Target
  
  14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
- Size
  
  402KB
- MD5
  
  b0e936df895d808ad6e94656df0cc9c0
- SHA1
  
  cdac1b82ed81230280d816ccb5c4bf045a98711e
- SHA256
  
  14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
- SHA512
  
  2cc95676b4d30c12b1fd6ee11805a4df5e170dfe264dbc328bed0c39243b734d765ea94d210c5e00d43ae509b60197ed454a0f3456ed3d5df8e33e389ad7b5d4
Score

10^/10

redline updbdate discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineupdbdatediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy