redline | f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
Size

361KB
Sample

220925-d48aysedbr
MD5

90061126e50affbb9725cdf73489660f
SHA1

c4250d9107c38e7c2a6b7f244b5eefe1fc8b6a6c
SHA256

f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
SHA512

e0549a1f4b0302221486e36e93050009128aeead02fdccfb6c093c9319b82eb45f7c543b2f251add1ae78a37253bc9a6a060ad17b3014d1e2b238eac3299158c
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add.exe

Resource

win10v2004-20220901-en

redline 0002 discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
- Size
  
  361KB
- MD5
  
  90061126e50affbb9725cdf73489660f
- SHA1
  
  c4250d9107c38e7c2a6b7f244b5eefe1fc8b6a6c
- SHA256
  
  f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
- SHA512
  
  e0549a1f4b0302221486e36e93050009128aeead02fdccfb6c093c9319b82eb45f7c543b2f251add1ae78a37253bc9a6a060ad17b3014d1e2b238eac3299158c
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy