redline | 51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11
Size

223KB
Sample

221224-yxp61sdg21
MD5

230e91d96c730f10db022f04a7f19110
SHA1

5cceb6760fc7f32612cedbbeb8d2fd4c0901c905
SHA256

51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11
SHA512

53497950915df1e90e48ff26c0ab15e683fa74b30017559db0de3a5e313ce420b1012d0a51b62495711b3e68e42276efaf8237faaff0030e0cdde6bcddc6bcc9
SSDEEP

3072:zDy3aLefDm5jkhafy81oGAK/DcauD3Myf/ln:maLe7tuvQjaM3l

Score

10^/10

redline smokeloader bundle2 backdoor infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11.exe

Resource

win10v2004-20220812-en

redline smokeloader bundle2 backdoor infostealer spyware trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

bundle2

C2

65.21.5.58:24911

Attributes

auth_value
d9f9d4528fe5d7d9b08b5ca49403aef0

Targets

- Target
  
  51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11
- Size
  
  223KB
- MD5
  
  230e91d96c730f10db022f04a7f19110
- SHA1
  
  5cceb6760fc7f32612cedbbeb8d2fd4c0901c905
- SHA256
  
  51a69e9ca367afc8f8b3ef8db2a8650f6728ae56ef9db4cee2de88b995ed0f11
- SHA512
  
  53497950915df1e90e48ff26c0ab15e683fa74b30017559db0de3a5e313ce420b1012d0a51b62495711b3e68e42276efaf8237faaff0030e0cdde6bcddc6bcc9
- SSDEEP
  
  3072:zDy3aLefDm5jkhafy81oGAK/DcauD3Myf/ln:maLe7tuvQjaM3l
Score

10^/10

redline smokeloader bundle2 backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloaderbundle2backdoorinfostealerspywaretrojan

© 2018-2025

Terms | Privacy