redline | 191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950
Size

444KB
Sample

220126-n8rh4scedl
MD5

2cca70300e75df503f6676803b470383
SHA1

7de77087c0dd09612acb8aa97025c9aa495e64f3
SHA256

191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950
SHA512

a0def3aba2baaff74eb4e98e399ad053d81929a7d8a45c954cc0aacfe86c8b411cabcdc823f543859c059c53abe874ba13d3a5cb5ba56007eb619fa55c538126

Score

10^/10

redline discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950.exe

Resource

win10v2004-en-20220112

redline discovery infostealer persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950
- Size
  
  444KB
- MD5
  
  2cca70300e75df503f6676803b470383
- SHA1
  
  7de77087c0dd09612acb8aa97025c9aa495e64f3
- SHA256
  
  191cfad3f68bdedbad3b6840e8d93ba5bb2566717de801264684c679340df950
- SHA512
  
  a0def3aba2baaff74eb4e98e399ad053d81929a7d8a45c954cc0aacfe86c8b411cabcdc823f543859c059c53abe874ba13d3a5cb5ba56007eb619fa55c538126
Score

10^/10

redline discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy