redline | d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba
Size

411KB
Sample

230727-fy9b6sad91
MD5

b2418fa8883cd180ff4b45802576f7fb
SHA1

77b5cd24cb2f1b16241e942efd67c756e059d7a8
SHA256

d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba
SHA512

d8d721c286c34bcc7090906b8b65508a0ab5a7a99d450bbd1032b060829ef4d595e671233d8269bd0df27b71b9688e9150c0b510eb20f9a43d4c1c378ab639f6
SSDEEP

6144:k6p/gIp6EPT4pn5XYKkp9ohY+PQl5G9hZo3VdU1/:JpIw6oyZYjpihY+PU5G90Fdk

Score

10^/10

redline @germany discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba.exe

Resource

win10-20230703-en

redline @germany discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes

auth_value
9d15d78194367a949e54a07d6ce02c62

Targets

- Target
  
  d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba
- Size
  
  411KB
- MD5
  
  b2418fa8883cd180ff4b45802576f7fb
- SHA1
  
  77b5cd24cb2f1b16241e942efd67c756e059d7a8
- SHA256
  
  d4a334f5b6b39a83bc9af73a739e6e2554be17eec81a3ed996fbcf279b8dd4ba
- SHA512
  
  d8d721c286c34bcc7090906b8b65508a0ab5a7a99d450bbd1032b060829ef4d595e671233d8269bd0df27b71b9688e9150c0b510eb20f9a43d4c1c378ab639f6
- SSDEEP
  
  6144:k6p/gIp6EPT4pn5XYKkp9ohY+PQl5G9hZo3VdU1/:JpIw6oyZYjpihY+PU5G90Fdk
Score

10^/10

redline @germany discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline@germanydiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy