redline | 235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
Size

358KB
Sample

230321-mjyqfsbg5v
MD5

fabd8e2fc50a1e1227338165235c483b
SHA1

7371dc82e7b82b8a76b449c41c302643f6f612f4
SHA256

235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
SHA512

c46c621e78c6f68d9de7ef5704d09ab825f3f580df1e95b075b8daceeeead32a11c26c31560296be10d3d01e36239eb7845b8055c485703c606eb1e7b1366d78
SSDEEP

6144:uBqALixitlVx98tQ9Pw4g/c7LmsSN3ln4ruaF92xt2:uBqA8itlH9c7dk7kJwCx

Score

10^/10

redline fronx2 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd.exe

Resource

win10v2004-20230220-en

redline fronx2 discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fronx2

C2

fronxtracking.com:80

Attributes

auth_value
0a4100df2644a6a6582137d2da2c8bd1

Targets

- Target
  
  235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- Size
  
  358KB
- MD5
  
  fabd8e2fc50a1e1227338165235c483b
- SHA1
  
  7371dc82e7b82b8a76b449c41c302643f6f612f4
- SHA256
  
  235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- SHA512
  
  c46c621e78c6f68d9de7ef5704d09ab825f3f580df1e95b075b8daceeeead32a11c26c31560296be10d3d01e36239eb7845b8055c485703c606eb1e7b1366d78
- SSDEEP
  
  6144:uBqALixitlVx98tQ9Pw4g/c7LmsSN3ln4ruaF92xt2:uBqA8itlH9c7dk7kJwCx
Score

10^/10

redline fronx2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefronx2discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy