Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
General
Target
Size
Sample
7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
405KB
211125-vcrbssbbg2
Score
10 /10
MD5
SHA1
SHA256
SHA512
826fce77343a479518b652f51f06d884
a3ace9b820802826b80c71bf9a6cef234f18a555
7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
8cd3fbc1b015b0b504cc6dda0f98c7de8994ccdad3566d9ae14fa78795bdb6f97cf882609cc445a14ab0b5daceeb3844ef9fc3eeaab75bfff154402dc99e4870
Malware Config
Extracted
| Family | redline |
| Botnet | RUZKI |
| C2 |
185.215.113.29:26828 |
Targets
Target
MD5
Filesize
7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
826fce77343a479518b652f51f06d884
405KB
Score
10 /10
SHA1
SHA256
SHA512
a3ace9b820802826b80c71bf9a6cef234f18a555
7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
8cd3fbc1b015b0b504cc6dda0f98c7de8994ccdad3566d9ae14fa78795bdb6f97cf882609cc445a14ab0b5daceeb3844ef9fc3eeaab75bfff154402dc99e4870
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks