redline | ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72
Size

703KB
Sample

220126-lqvrpsbgg6
MD5

19a4e8837058b2b2f02e2a1969d5d7b4
SHA1

7ea9fbb4e6cdf180e021274ca78ad3111258f2ee
SHA256

ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72
SHA512

2c49dac1fb0deb3e283a12013b6aff3761721fff1ff3a25911e701fd5456cd19ac462f408093cf1c9b8d58a823a61b8b2d09fb70bb3b35c9f8d8f03ebfa14546

Score

10^/10

redline mix26.01 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72.exe

Resource

win10-en-20211208

redline mix26.01 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix26.01

C2

185.215.113.70:21508

Targets

- Target
  
  ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72
- Size
  
  703KB
- MD5
  
  19a4e8837058b2b2f02e2a1969d5d7b4
- SHA1
  
  7ea9fbb4e6cdf180e021274ca78ad3111258f2ee
- SHA256
  
  ce4c289a8e9dbe1dfb507a4d84b5d19360fdc8336c3f6960900f1df7512cfb72
- SHA512
  
  2c49dac1fb0deb3e283a12013b6aff3761721fff1ff3a25911e701fd5456cd19ac462f408093cf1c9b8d58a823a61b8b2d09fb70bb3b35c9f8d8f03ebfa14546
Score

10^/10

redline mix26.01 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix26.01discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy