redline | 4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e
Size

784KB
Sample

220806-yg6h3acfg6
MD5

43089a1a50b1981a4dba7959e31e62f1
SHA1

c8db527eba66719e365672a17bd1eddc2085de9a
SHA256

4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e
SHA512

2777758eff7684d51ca8bc060f0652c14ef6999375061262acb5a741a2c927cfefe46bbbe733530777bd1d08893cce8e7f0631e157ff2069f6c75c5f3624b0fa

Score

10^/10

redline torrentold discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e.exe

Resource

win10v2004-20220722-en

redline torrentold discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

TORRENTOLD

C2

amrican-sport-live-stream.cc:4581

Attributes

auth_value
74e1b58bf920611f04c0e3919954fe05

Targets

- Target
  
  4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e
- Size
  
  784KB
- MD5
  
  43089a1a50b1981a4dba7959e31e62f1
- SHA1
  
  c8db527eba66719e365672a17bd1eddc2085de9a
- SHA256
  
  4fb57da6d703e8bebfdd51b7f579fb36127eee300880eeb5ca2be3f00cce154e
- SHA512
  
  2777758eff7684d51ca8bc060f0652c14ef6999375061262acb5a741a2c927cfefe46bbbe733530777bd1d08893cce8e7f0631e157ff2069f6c75c5f3624b0fa
Score

10^/10

redline torrentold discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetorrentolddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy