redline | 980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
Size

2.4MB
Sample

220705-3jqmvaecfp
MD5

57201fbd801fd4c98772aa34d60a44ce
SHA1

f54e549937f92c9fd68d537105e007e799549374
SHA256

980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
SHA512

851f6d6241af1765b0894a0f4b33e1f83f538d21bd19feb3fc5b07a37167387f816ba44dc02ed0192c1bb9fdffb42d7d525ebcddebb65a1e891cfeb9d2a036e2

Score

10^/10

redline infostealer persistence spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172.exe

Resource

win10-20220414-en

redline infostealer persistence spyware upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

141.95.140.173:33470

Attributes

auth_value
6d9508e5573e656e0dc3c4c5f8526d8e

Targets

- Target
  
  980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
- Size
  
  2.4MB
- MD5
  
  57201fbd801fd4c98772aa34d60a44ce
- SHA1
  
  f54e549937f92c9fd68d537105e007e799549374
- SHA256
  
  980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
- SHA512
  
  851f6d6241af1765b0894a0f4b33e1f83f538d21bd19feb3fc5b07a37167387f816ba44dc02ed0192c1bb9fdffb42d7d525ebcddebb65a1e891cfeb9d2a036e2
Score

10^/10

redline infostealer persistence spyware upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlineinfostealerpersistencespywareupx

© 2018-2024

Terms | Privacy