redline | 515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc
Size

702KB
Sample

220126-r4tz8adhgp
MD5

e83fb6be296209fb84f4aaf841dfb612
SHA1

6fd64d310390ae74a25dc406fa85cd2fc977591d
SHA256

515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc
SHA512

979595067059ddd3ae4c49af7a0a1b7e4dc048ad3796b9ad790a033e587a49c65e8da2df176759ccd7d4593f92213a5c8d6648d7a4c7b753cd0d180abb892155

Score

10^/10

redline mix26.01 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc.exe

Resource

win10-en-20211208

redline mix26.01 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

mix26.01

C2

185.215.113.70:21508

Targets

- Target
  
  515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc
- Size
  
  702KB
- MD5
  
  e83fb6be296209fb84f4aaf841dfb612
- SHA1
  
  6fd64d310390ae74a25dc406fa85cd2fc977591d
- SHA256
  
  515d19700da0a1c4e9d1218abe2d2254fa301c6058dad9e52ab526f23b7ec3bc
- SHA512
  
  979595067059ddd3ae4c49af7a0a1b7e4dc048ad3796b9ad790a033e587a49c65e8da2df176759ccd7d4593f92213a5c8d6648d7a4c7b753cd0d180abb892155
Score

10^/10

redline mix26.01 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinemix26.01discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy