redline | 216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912
Size

2.6MB
Sample

220820-spwe6sddbj
MD5

16c184621396ef249ea2a9be6bf2a3eb
SHA1

3f634640ef1df4281cc5693422c07f7cc51c2725
SHA256

216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912
SHA512

6a581f23e1f8372667f0a383d6ce7cc8eca513611d5caa1503713fc985de3063b5806be319cdadda3aba957300c1aa138d545892987cb87ce5aa2bb68660e644
SSDEEP

49152:pAI+uNpJc7YrEa2u2hq3PGh0lbPZF+tfFVBGY+8zYjZxXLuCBrENNyoUIOpRgP8i:pAI+Yc8rHJ283PGoL/ITBwpzLuS2NJUI

Score

10^/10

redline 5 5076357887 nam3 discovery infostealer persistence

Static task

static1

Behavioral task

behavioral1

Sample

216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912.exe

Resource

win10-20220812-en

redline 5 5076357887 nam3 discovery infostealer persistence

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

5076357887

C2

195.54.170.157:16525

Attributes

auth_value
0dfaff60271d374d0c206d19883e06f3

Extracted

Family

redline

Botnet

5

C2

176.113.115.146:9582

Attributes

auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:34589

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Targets

- Target
  
  216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912
- Size
  
  2.6MB
- MD5
  
  16c184621396ef249ea2a9be6bf2a3eb
- SHA1
  
  3f634640ef1df4281cc5693422c07f7cc51c2725
- SHA256
  
  216a5280c41774f8d5c9e9d71a29ad242fe7bd2adabb79fece903f30b9380912
- SHA512
  
  6a581f23e1f8372667f0a383d6ce7cc8eca513611d5caa1503713fc985de3063b5806be319cdadda3aba957300c1aa138d545892987cb87ce5aa2bb68660e644
- SSDEEP
  
  49152:pAI+uNpJc7YrEa2u2hq3PGh0lbPZF+tfFVBGY+8zYjZxXLuCBrENNyoUIOpRgP8i:pAI+Yc8rHJ283PGoL/ITBwpzLuS2NJUI
Score

10^/10

redline 5 5076357887 nam3 discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline55076357887nam3discoveryinfostealerpersistence

© 2018-2024

Terms | Privacy