redline

General

Target

redLine.exe
Size

249KB
Sample

210926-znqxmafcdl
MD5

3b3b09c0f40c3c2b1c00c3ff03365148
SHA1

34751fcfd324585070daf9870476265e8e209bf7
SHA256

2519257a94977d7b877737aa5c3813bbf1c378618eefd472d208fed97320d516
SHA512

178ae33cde53044ea8e25f272b4db1a3e30edda6a2e51cb71143b5c546a62c693d9e4967b811860bd7b2f16e3629685b62ea98fc24e77df0eb91addf500758d1

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

- Target
  
  redLine.exe
- Size
  
  249KB
- MD5
  
  3b3b09c0f40c3c2b1c00c3ff03365148
- SHA1
  
  34751fcfd324585070daf9870476265e8e209bf7
- SHA256
  
  2519257a94977d7b877737aa5c3813bbf1c378618eefd472d208fed97320d516
- SHA512
  
  178ae33cde53044ea8e25f272b4db1a3e30edda6a2e51cb71143b5c546a62c693d9e4967b811860bd7b2f16e3629685b62ea98fc24e77df0eb91addf500758d1
Score

10^/10

redline uts discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine Payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2