redline | 79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f
Size

980KB
Sample

220810-w5952sdecr
MD5

0341232d23900cb4c2a4de8c8618b887
SHA1

2e1786e38ed0dab09220973160ea046d354343c8
SHA256

79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f
SHA512

4e46b36dacd53f8cc1431d0ab18ab54d0dbc6aad08637df41e9654fc12d369c7f4fb6976a8d79664a5d29fc7fbf97ddebb72adf1b0429e54843badf5924455f6

Score

10^/10

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f.exe

Resource

win10-20220722-en

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

4

C2

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

C2

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

C2

213.226.123.169:2014

Attributes

auth_value
5466def9b32e35b6a53d1117abb19867

Targets

- Target
  
  79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f
- Size
  
  980KB
- MD5
  
  0341232d23900cb4c2a4de8c8618b887
- SHA1
  
  2e1786e38ed0dab09220973160ea046d354343c8
- SHA256
  
  79ff85f42095cb721a36127f3e837a5e45a53645398215da960e15308879a58f
- SHA512
  
  4e46b36dacd53f8cc1431d0ab18ab54d0dbc6aad08637df41e9654fc12d369c7f4fb6976a8d79664a5d29fc7fbf97ddebb72adf1b0429e54843badf5924455f6
Score

10^/10

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline4@tag12312341nam3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy