redline | 351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90

General

Target

351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90.exe
Size

441KB
MD5

c38636896afd2bff5af0a8c641a50e0f
SHA1

688967ba3b597755c31be44bf8daf3554840674d
SHA256

351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90
SHA512

b7248bcc030094f514ac89c6548812992b6eb6cf61b715469d7f83b43e82cb0bd2ddf0482690bd588f0309f682d3868951bebc6cdbd4fe54dcf6373863f63aeb

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2952-118-0x0000000002840000-0x000000000286D000-memory.dmp	family_redline
behavioral1/memory/2952-123-0x0000000002980000-0x00000000029AB000-memory.dmp	family_redline

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90.exe
"C:\Users\Admin\AppData\Local\Temp\351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90.exe"
1⤵
PID:2952

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-115-0x0000000000AA6000-0x0000000000AD2000-memory.dmp

Filesize
176KB

Download
memory/2952-116-0x0000000000920000-0x0000000000A6A000-memory.dmp

Filesize
1.3MB

Download
memory/2952-117-0x0000000000400000-0x000000000089D000-memory.dmp

Filesize
4.6MB

Download
memory/2952-118-0x0000000002840000-0x000000000286D000-memory.dmp

Filesize
180KB

Download
memory/2952-119-0x00000000050D0000-0x00000000050D1000-memory.dmp

Filesize
4KB

Download
memory/2952-121-0x00000000050C2000-0x00000000050C3000-memory.dmp

Filesize
4KB

Download
memory/2952-120-0x00000000050C0000-0x00000000050C1000-memory.dmp

Filesize
4KB

Download
memory/2952-122-0x00000000050C3000-0x00000000050C4000-memory.dmp

Filesize
4KB

Download
memory/2952-123-0x0000000002980000-0x00000000029AB000-memory.dmp

Filesize
172KB

Download
memory/2952-124-0x00000000055D0000-0x00000000055D1000-memory.dmp

Filesize
4KB

Download
memory/2952-125-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/2952-126-0x0000000004F00000-0x0000000004F01000-memory.dmp

Filesize
4KB

Download
memory/2952-127-0x0000000005010000-0x0000000005011000-memory.dmp

Filesize
4KB

Download
memory/2952-128-0x0000000005070000-0x0000000005071000-memory.dmp

Filesize
4KB

Download
memory/2952-129-0x00000000050C4000-0x00000000050C6000-memory.dmp

Filesize
8KB

Download
memory/2952-130-0x0000000005E20000-0x0000000005E21000-memory.dmp

Filesize
4KB

Download
memory/2952-131-0x0000000006510000-0x0000000006511000-memory.dmp

Filesize
4KB

Download
memory/2952-132-0x0000000006590000-0x0000000006591000-memory.dmp

Filesize
4KB

Download
memory/2952-133-0x0000000006780000-0x0000000006781000-memory.dmp

Filesize
4KB

Download
memory/2952-134-0x0000000006810000-0x0000000006811000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing