redline | d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
Size

365KB
Sample

230606-rbpj2aef2t
MD5

6eb5cc38086de64538a97377aa468208
SHA1

bf3890b30f71018c1215d03985461ab28c756a7e
SHA256

d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
SHA512

91fcb130c165a608b81db198c76d036bc6a99967d9e9956dd2729be8d70d4595456a73a052df958288ebaf5e27a957e5941c2ee8feaa18b4306db4da32fa1ba2
SSDEEP

6144:zFQJ9D4P5ciXub6S+mG1n+za0jZGQcrQrD:zi3D4P56GS1GBoa0UQcr+

Score

10^/10

redline @chicago discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910.exe

Resource

win10-20230220-en

redline @chicago discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Chicago

C2

185.81.68.115:2920

Attributes

auth_value
624a75e46c4217bc2cafb7758d1978d9

Targets

- Target
  
  d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
- Size
  
  365KB
- MD5
  
  6eb5cc38086de64538a97377aa468208
- SHA1
  
  bf3890b30f71018c1215d03985461ab28c756a7e
- SHA256
  
  d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
- SHA512
  
  91fcb130c165a608b81db198c76d036bc6a99967d9e9956dd2729be8d70d4595456a73a052df958288ebaf5e27a957e5941c2ee8feaa18b4306db4da32fa1ba2
- SSDEEP
  
  6144:zFQJ9D4P5ciXub6S+mG1n+za0jZGQcrQrD:zi3D4P56GS1GBoa0UQcr+
Score

10^/10

redline @chicago discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@chicagodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy