redline | 0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921 | Triage

Submit
Reports

Overview

overview

Static

static

8

dridex

windows10_x64

Sharing

General

Target

0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921
Size

5.9MB
Sample

211218-j67ebsefc7
MD5

8b3d932651fff1433dc7e5e4754acda4
SHA1

f540f07f7ea8d5e49486c50af7eb798d5ddf9afe
SHA256

0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921
SHA512

b2eb5b78197e7cb708f46912e1470e4dd9fdc61afc3e1007025507e7b184cf9987f045391e8ebb78676154a0c6312560a813964addc43727afceef43cdbd228b

Score

10^/10

redline 444 infostealer spyware vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921.exe

Resource

win10-en-20211208

redline 444 infostealer spyware vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

444

C2

31.131.254.105:1498

Targets

- Target
  
  0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921
- Size
  
  5.9MB
- MD5
  
  8b3d932651fff1433dc7e5e4754acda4
- SHA1
  
  f540f07f7ea8d5e49486c50af7eb798d5ddf9afe
- SHA256
  
  0c23eff9a277566a9b6422f89e942cb6a8e99a2e173338243114d7658ccda921
- SHA512
  
  b2eb5b78197e7cb708f46912e1470e4dd9fdc61afc3e1007025507e7b184cf9987f045391e8ebb78676154a0c6312560a813964addc43727afceef43cdbd228b
Score

10^/10

redline 444 infostealer spyware vmprotect
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline444infostealerspywarevmprotect

© 2018-2024

Terms | Privacy