redline | a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f
Size

667KB
Sample

221123-qy7hpafc27
MD5

5f28e537ea9f681c845e12f5fdb9684d
SHA1

38cee9d23f5d1e0b11ce8850e8edeca09261f7f2
SHA256

a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f
SHA512

a030a25bf6520bb0d69b6cbb29260a202219f6de97131de4030a307160847903b0d4d8ec5984f6a2a25e7ccb369e716188b1bf8e5ad1a309f2139e7386d0586b
SSDEEP

12288:dgG+zzPAELjY7Zrp67eISK745fab5e3TEE:dT+PPh2Fp6qIL45Sb5e3J

Score

10^/10

redline lyla.22.11 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f.exe

Resource

win10v2004-20221111-en

redline lyla.22.11 discovery infostealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Lyla.22.11

C2

185.215.113.216:21921

Attributes

auth_value
4e1560b379e71c6ab6ae277b9d4c6895

Targets

- Target
  
  a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f
- Size
  
  667KB
- MD5
  
  5f28e537ea9f681c845e12f5fdb9684d
- SHA1
  
  38cee9d23f5d1e0b11ce8850e8edeca09261f7f2
- SHA256
  
  a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f
- SHA512
  
  a030a25bf6520bb0d69b6cbb29260a202219f6de97131de4030a307160847903b0d4d8ec5984f6a2a25e7ccb369e716188b1bf8e5ad1a309f2139e7386d0586b
- SSDEEP
  
  12288:dgG+zzPAELjY7Zrp67eISK745fab5e3TEE:dT+PPh2Fp6qIL45Sb5e3J
Score

10^/10

redline lyla.22.11 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelyla.22.11discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy