redline | 2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08
Size

107KB
Sample

220825-vq4jaagbbp
MD5

d3b0ebb5f35fecb8c30b314fd571c76f
SHA1

905316a9ecbf93ec9b3869aee1f5776d4ab01dcb
SHA256

2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08
SHA512

553e13e572af4e3cf8a977e9caffb9fb0117726fa1094286e184b73a83f917024034c6d5ba75e50a6069fccac2d5f0546ab2bc0e19170fa8445c82cc2e88704a
SSDEEP

3072:TcvFBBCY2pieIhrY7foJm5PQcfxjdjhd4EASNX:Tcvf7aoJkYcTjhd4jS

Score

10^/10

redline top1 discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08.exe

Resource

win10v2004-20220812-en

redline top1 discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

top1

C2

185.2.83.247:80

Attributes

auth_value
fa2afa98a6579319e36e31ee0552bd57

Targets

- Target
  
  2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08
- Size
  
  107KB
- MD5
  
  d3b0ebb5f35fecb8c30b314fd571c76f
- SHA1
  
  905316a9ecbf93ec9b3869aee1f5776d4ab01dcb
- SHA256
  
  2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08
- SHA512
  
  553e13e572af4e3cf8a977e9caffb9fb0117726fa1094286e184b73a83f917024034c6d5ba75e50a6069fccac2d5f0546ab2bc0e19170fa8445c82cc2e88704a
- SSDEEP
  
  3072:TcvFBBCY2pieIhrY7foJm5PQcfxjdjhd4EASNX:Tcvf7aoJkYcTjhd4jS
Score

10^/10

redline top1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetop1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy