redline | 6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
Size

2.6MB
Sample

220822-wwmcmabebk
MD5

e0118ad4299455683d5d0708772742ef
SHA1

c80a27155317c3d08308cf8a55e4790f429bb2dd
SHA256

6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
SHA512

c6e9de83cbc63505359fb745f5417977df30445ab87d848081d526c8afe1ecb1ffa075bb80370862cd7d57b50c5dc23e68aac784f8e845a9d7195e6eb1ed99ec
SSDEEP

49152:pAI+1NpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOanD9:pAI+vc8rHJ283PGi4EyduRLh0MNZesFS

Score

10^/10

redline 5 5076357887 molecule jk nam3 discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115.exe

Resource

win10-20220812-en

redline 5 5076357887 molecule jk nam3 discovery infostealer

windows10-1703-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:34589

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

5

C2

176.113.115.146:9582

Attributes

auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f

Extracted

Family

redline

Botnet

5076357887

C2

195.54.170.157:16525

Attributes

auth_value
0dfaff60271d374d0c206d19883e06f3

Extracted

Family

redline

Botnet

Molecule JK

C2

insttaller.com:40915

Attributes

auth_value
abb046f9600c78fd9272c2e96c3cfe48

Targets

- Target
  
  6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
- Size
  
  2.6MB
- MD5
  
  e0118ad4299455683d5d0708772742ef
- SHA1
  
  c80a27155317c3d08308cf8a55e4790f429bb2dd
- SHA256
  
  6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
- SHA512
  
  c6e9de83cbc63505359fb745f5417977df30445ab87d848081d526c8afe1ecb1ffa075bb80370862cd7d57b50c5dc23e68aac784f8e845a9d7195e6eb1ed99ec
- SSDEEP
  
  49152:pAI+1NpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOanD9:pAI+vc8rHJ283PGi4EyduRLh0MNZesFS
Score

10^/10

redline 5 5076357887 molecule jk nam3 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline55076357887molecule jknam3discoveryinfostealer

© 2018-2024

Terms | Privacy