redline | 68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
Size

5.3MB
Sample

221115-tpvpbaae5y
MD5

9e0f5e7f6f3bf3647948f39e795f1ff6
SHA1

dc6d84444138c88b1429a8aad6fe04f7f7ef71b5
SHA256

68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
SHA512

dd2bbf1687c86ac001ef1f67e4f07b6e8406fe70bf68bff220a37cf32a5b618be068226fdb6e043704d65412f1fd996491b8a09cb74432db5c37f9284af1845b
SSDEEP

49152:sPFJCvLqOaSTK5ISawpVpVliC8Tkx23fmAmcViw:sPFsjqOaSFUOfmeiw

Score

10^/10

redline akasha discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0.exe

Resource

win10-20220901-en

redline akasha discovery infostealer spyware stealer

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

AKASHA

C2

77.73.134.54:19123

Attributes

auth_value
c8eb531f5a0c4b089ceefdcdfcce06d9

Targets

- Target
  
  68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
- Size
  
  5.3MB
- MD5
  
  9e0f5e7f6f3bf3647948f39e795f1ff6
- SHA1
  
  dc6d84444138c88b1429a8aad6fe04f7f7ef71b5
- SHA256
  
  68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
- SHA512
  
  dd2bbf1687c86ac001ef1f67e4f07b6e8406fe70bf68bff220a37cf32a5b618be068226fdb6e043704d65412f1fd996491b8a09cb74432db5c37f9284af1845b
- SSDEEP
  
  49152:sPFJCvLqOaSTK5ISawpVpVliC8Tkx23fmAmcViw:sPFsjqOaSFUOfmeiw
Score

10^/10

redline akasha discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineakashadiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy