redline | 705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
Size

224KB
Sample

221023-hfkbfahacq
MD5

bfed0c169bf6f00495da2e6de9fd87e5
SHA1

1dca4747cea1b6b37979a905bddeec8259e5f398
SHA256

705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
SHA512

6aab3d4f00c1d06c7707e2e44ee6b1ea8e7b77cf19676d0cae94cb674163d0af916cbf39134b3699aa6e5e21e5ff4f75412b719bffd36328422b7091dffb3e79
SSDEEP

3072:mXVjEB2LP/U9nMwnZ5LcQHdp1w3UjbSJYHsXnTK8K2cP1/8:O1EB2LXWnXnUj6SGHU+q

Score

10^/10

redline google2 nam7 newe slovarikinstalls discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af.exe

Resource

win10-20220901-en

redline google2 nam7 newe slovarikinstalls discovery infostealer spyware stealer

windows10-1703-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam7

C2

103.89.90.61:34589

Attributes

auth_value
533c8fbdab4382453812c73ea2cee5b8

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Extracted

Family

redline

Botnet

slovarikinstalls

C2

78.153.144.3:2510

Attributes

auth_value
5f80b2ec82e3bd02a08a3a55d3180551

Extracted

Family

redline

Botnet

Newe

C2

89.208.106.66:4691

Attributes

auth_value
e7141b98243e53ec71dadf6344aff038

Targets

- Target
  
  705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
- Size
  
  224KB
- MD5
  
  bfed0c169bf6f00495da2e6de9fd87e5
- SHA1
  
  1dca4747cea1b6b37979a905bddeec8259e5f398
- SHA256
  
  705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
- SHA512
  
  6aab3d4f00c1d06c7707e2e44ee6b1ea8e7b77cf19676d0cae94cb674163d0af916cbf39134b3699aa6e5e21e5ff4f75412b719bffd36328422b7091dffb3e79
- SSDEEP
  
  3072:mXVjEB2LP/U9nMwnZ5LcQHdp1w3UjbSJYHsXnTK8K2cP1/8:O1EB2LXWnXnUj6SGHU+q
Score

10^/10

redline google2 nam7 newe slovarikinstalls discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2nam7neweslovarikinstallsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy