redline | 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
Size

458KB
Sample

220129-jwhyzsgabm
MD5

a03ee84873f31ecee95290104f4e678f
SHA1

af01efe138ae278621b49724ece9b0bac60b1f10
SHA256

3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
SHA512

278d7f253a9ee40344fd0e2459b6e4b6edbaeb512a29e33653ec53242820498429a449b3293728ab17243744b82311a65572987822a64716361011e556c93b87

Score

10^/10

redline discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e.exe

Resource

win10v2004-en-20220112

redline discovery infostealer persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
- Size
  
  458KB
- MD5
  
  a03ee84873f31ecee95290104f4e678f
- SHA1
  
  af01efe138ae278621b49724ece9b0bac60b1f10
- SHA256
  
  3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
- SHA512
  
  278d7f253a9ee40344fd0e2459b6e4b6edbaeb512a29e33653ec53242820498429a449b3293728ab17243744b82311a65572987822a64716361011e556c93b87
Score

10^/10

redline discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy