redline | 6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570
Size

295KB
Sample

211126-tbwdpadcfk
MD5

46dc4b3105e3d8bcd558c9f881d1c452
SHA1

7c2ca97e4fd73eee616a980cebeb296a7dde4e42
SHA256

6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570
SHA512

0c1d42d730f16f0220a0a0e38f9ef313b0b2f60c509d107eb93ea2c43f1691051d41c5e97466d886294c87fe19f313ad893e8ef45b0c538e7ebc19697ba85dd1

Score

10^/10

redline updbdate discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570.exe

Resource

win10-en-20211104

redline updbdate discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Updbdate

C2

193.56.146.64:65441

Targets

- Target
  
  6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570
- Size
  
  295KB
- MD5
  
  46dc4b3105e3d8bcd558c9f881d1c452
- SHA1
  
  7c2ca97e4fd73eee616a980cebeb296a7dde4e42
- SHA256
  
  6f2e0ba809d915ac14d418225fcd04b61d83f9c068c98725024c7af982009570
- SHA512
  
  0c1d42d730f16f0220a0a0e38f9ef313b0b2f60c509d107eb93ea2c43f1691051d41c5e97466d886294c87fe19f313ad893e8ef45b0c538e7ebc19697ba85dd1
Score

10^/10

redline updbdate discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineupdbdatediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy