redline | 84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
Size

437KB
Sample

230224-ky2dsaag53
MD5

ef9a635b1d79569382d19ef3f0791eaf
SHA1

78544e5aa52e1abb9688d09d67704a0e9b9a42ac
SHA256

84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
SHA512

8982eeca3498a2225a452b9c1eaaa04069dd5080798849de5e44ede3001a16f886a04901f892c527c13b62842f0b88636110832e93a410f8bf7ffbbac52142ed
SSDEEP

12288:aMrFy90jXcQk3o8HSfpzV+/Hu6Ky6GusYD3:/y4mbSfpZ+/u6KVGusYD3

Score

10^/10

redline funka ronur discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8.exe

Resource

win10v2004-20230221-en

redline funka ronur discovery infostealer persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes

auth_value
f88f86755a528d4b25f6f3628c460965

Extracted

Family

redline

Botnet

funka

C2

193.233.20.20:4134

Attributes

auth_value
cdb395608d7ec633dce3d2f0c7fb0741

Targets

- Target
  
  84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
- Size
  
  437KB
- MD5
  
  ef9a635b1d79569382d19ef3f0791eaf
- SHA1
  
  78544e5aa52e1abb9688d09d67704a0e9b9a42ac
- SHA256
  
  84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
- SHA512
  
  8982eeca3498a2225a452b9c1eaaa04069dd5080798849de5e44ede3001a16f886a04901f892c527c13b62842f0b88636110832e93a410f8bf7ffbbac52142ed
- SSDEEP
  
  12288:aMrFy90jXcQk3o8HSfpzV+/Hu6Ky6GusYD3:/y4mbSfpZ+/u6KVGusYD3
Score

10^/10

redline funka ronur discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefunkaronurdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy