redline | de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502
Size

361KB
Sample

220925-g2ahpadef6
MD5

46926d242c4c802574425e6f7ca62422
SHA1

75b79405d1894df0a2ca88c17a23f199aa34de59
SHA256

de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502
SHA512

760d4de9fb2a2df389dcace50a0c5c290dc95730c3264b7048ae6b409373ce3fd6576708b63aa97e4ef298e0c332ef4cbaafe941ee53600eb479d4a939c78c47
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502.exe

Resource

win10-20220812-en

redline 0002 discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502
- Size
  
  361KB
- MD5
  
  46926d242c4c802574425e6f7ca62422
- SHA1
  
  75b79405d1894df0a2ca88c17a23f199aa34de59
- SHA256
  
  de4b5af97ee34fa2c08dbe3a0be2016bd30ca042982f28a2ea0eeb30aaa56502
- SHA512
  
  760d4de9fb2a2df389dcace50a0c5c290dc95730c3264b7048ae6b409373ce3fd6576708b63aa97e4ef298e0c332ef4cbaafe941ee53600eb479d4a939c78c47
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy