redline | 932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
Size

416KB
Sample

230202-ltzvtsff99
MD5

edcef5c438b6dcc5577fddda5ed4d3a8
SHA1

fe528c9c99f71b5b57135e78e75930709adb00c0
SHA256

932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
SHA512

752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa
SSDEEP

12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5

Score

10^/10

redline milaf discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545.exe

Resource

win10-20220812-en

redline milaf discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes

auth_value
68aaee25afe3d0ae7d4db09dea02347c

Targets

- Target
  
  932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
- Size
  
  416KB
- MD5
  
  edcef5c438b6dcc5577fddda5ed4d3a8
- SHA1
  
  fe528c9c99f71b5b57135e78e75930709adb00c0
- SHA256
  
  932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
- SHA512
  
  752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa
- SSDEEP
  
  12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5
Score

10^/10

redline milaf discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemilafdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy