redline | 8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d
Size

461KB
Sample

230105-eyk4xaah59
MD5

cfa25ece289af9e5b478a2e328a1ea33
SHA1

530bee9af56e1a77b2676e36e59062920d839147
SHA256

8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d
SHA512

0c5b4879a2409eb0f667eb76ebacf11bfaf1821d295ba5ab9cff5edd619b72d97432385f044cd584392c1fb53d4683c83c14d8f11332c981b632cfec7164fc2a
SSDEEP

12288:RxsFFqz941oRKMhiuUBbLz6fTUUUoxupmLW:RMFqz9T8nz9SfQxoUYLW

Score

10^/10

redline sport discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d.exe

Resource

win10-20220901-en

redline sport discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sport

C2

31.41.244.98:4063

Attributes

auth_value
82cce55eeb56b322651e98032c09d225

Targets

- Target
  
  8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d
- Size
  
  461KB
- MD5
  
  cfa25ece289af9e5b478a2e328a1ea33
- SHA1
  
  530bee9af56e1a77b2676e36e59062920d839147
- SHA256
  
  8ff101a259ffc599f28cb69b71a6792098e742bd1a0b448607413b73c2cf4b6d
- SHA512
  
  0c5b4879a2409eb0f667eb76ebacf11bfaf1821d295ba5ab9cff5edd619b72d97432385f044cd584392c1fb53d4683c83c14d8f11332c981b632cfec7164fc2a
- SSDEEP
  
  12288:RxsFFqz941oRKMhiuUBbLz6fTUUUoxupmLW:RMFqz9T8nz9SfQxoUYLW
Score

10^/10

redline sport discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesportdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy