redline | 8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec
Size

980KB
Sample

220810-w92pgadegk
MD5

0f66e2e2ead56a18fb811927cb36cf49
SHA1

5a280c2d426b267f7435cefcad6b13907918a561
SHA256

8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec
SHA512

0e8924b5a988cfb2e9bc0c2b91f138a214299f29dffac669d3e083691f738175059b6a82a1e1268e203831e26e09e3864ba03f44fee05a5fa10300ae3523d63f

Score

10^/10

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec.exe

Resource

win10-20220718-en

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

4

C2

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

C2

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

redline

C2

213.226.123.169:2014

Attributes

auth_value
5466def9b32e35b6a53d1117abb19867

Targets

- Target
  
  8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec
- Size
  
  980KB
- MD5
  
  0f66e2e2ead56a18fb811927cb36cf49
- SHA1
  
  5a280c2d426b267f7435cefcad6b13907918a561
- SHA256
  
  8328a866d6094c361f988ef4147c06a07f000101909df338f9c28c4b373813ec
- SHA512
  
  0e8924b5a988cfb2e9bc0c2b91f138a214299f29dffac669d3e083691f738175059b6a82a1e1268e203831e26e09e3864ba03f44fee05a5fa10300ae3523d63f
Score

10^/10

redline 4 @tag12312341 nam3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline4@tag12312341nam3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy