redline | 97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62 | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10_x64

Sharing

General

Target

97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
Size

6.3MB
Sample

220301-yehn8achdl
MD5

47d8679cef92d54658d18b82d662a266
SHA1

90abb5e5648457b1fdace92f3749c31473193e55
SHA256

97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
SHA512

05cb6ffaedfe0713545a0d27d1c27f6031d483698bfa14cc5037f918814500643ae461a3dfe003e5dab6aff5b979e8164157c20a2e526eb681aeed699915ab87

Score

10^/10

redline bild discovery evasion infostealer spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62.exe

Resource

win10-20220223-en

redline bild discovery evasion infostealer spyware stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

bild

C2

95.216.21.217:19597

Attributes

auth_value
6a86304a315cc6a978ccb33feb915de5

Targets

- Target
  
  97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
- Size
  
  6.3MB
- MD5
  
  47d8679cef92d54658d18b82d662a266
- SHA1
  
  90abb5e5648457b1fdace92f3749c31473193e55
- SHA256
  
  97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
- SHA512
  
  05cb6ffaedfe0713545a0d27d1c27f6031d483698bfa14cc5037f918814500643ae461a3dfe003e5dab6aff5b979e8164157c20a2e526eb681aeed699915ab87
Score

10^/10

redline bild discovery evasion infostealer spyware stealer themida trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinebilddiscoveryevasioninfostealerspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy