redline | 86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8
Size

2.6MB
Sample

220822-w2j5fsede6
MD5

55ba4842ad9f8cdb9ef581eebe3081e1
SHA1

e4d9e92cd769624059d40a90922dabf097835a25
SHA256

86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8
SHA512

d664695499b44876f3c7af475190ddd11122b69caf7bcd8a4820b07edde577468cc93b941139fd88230c3e3ed7beab5c657e874791a78e85730b18bff9587881
SSDEEP

49152:pAI+lNpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOQM/+:pAI+fc8rHJ283PGi4EyduRLh0MNZesFu

Score

10^/10

redline 5 5076357887 molecule jk nam3 discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8.exe

Resource

win10-20220812-en

redline 5 5076357887 molecule jk nam3 discovery infostealer

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:34589

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

5076357887

C2

195.54.170.157:16525

Attributes

auth_value
0dfaff60271d374d0c206d19883e06f3

Extracted

Family

redline

Botnet

5

C2

176.113.115.146:9582

Attributes

auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f

Extracted

Family

redline

Botnet

Molecule JK

C2

insttaller.com:40915

Attributes

auth_value
abb046f9600c78fd9272c2e96c3cfe48

Targets

- Target
  
  86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8
- Size
  
  2.6MB
- MD5
  
  55ba4842ad9f8cdb9ef581eebe3081e1
- SHA1
  
  e4d9e92cd769624059d40a90922dabf097835a25
- SHA256
  
  86360aa8ab41f3de1ba20cad54f2567c0d5994a20d5b58d0b71aa42c545bb9f8
- SHA512
  
  d664695499b44876f3c7af475190ddd11122b69caf7bcd8a4820b07edde577468cc93b941139fd88230c3e3ed7beab5c657e874791a78e85730b18bff9587881
- SSDEEP
  
  49152:pAI+lNpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOQM/+:pAI+fc8rHJ283PGi4EyduRLh0MNZesFu
Score

10^/10

redline 5 5076357887 molecule jk nam3 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline55076357887molecule jknam3discoveryinfostealer

© 2018-2024

Terms | Privacy