redline | 098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5 | Triage

Sharing

General

Target

098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5
Size

416KB
Sample

220116-ksqp4affep
MD5

5c07760d4ef93292c5b19dd55ebbc322
SHA1

c3368e114c04ffc907dd982e3d0aa11cbb5bca34
SHA256

098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5
SHA512

d617d776f4f2a84d4a4023308dff246a846ecf42a897fa2b606de7ea270d52d1d6df098adca778f334c8a27a8302648e72d6d84c6b1dab7d55cecd5a5b8d24d3

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Targets

- Target
  
  098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5
- Size
  
  416KB
- MD5
  
  5c07760d4ef93292c5b19dd55ebbc322
- SHA1
  
  c3368e114c04ffc907dd982e3d0aa11cbb5bca34
- SHA256
  
  098aebdc9da198cf674af66fec9a7d790feebf60e78ec7c6288851d8b3db30f5
- SHA512
  
  d617d776f4f2a84d4a4023308dff246a846ecf42a897fa2b606de7ea270d52d1d6df098adca778f334c8a27a8302648e72d6d84c6b1dab7d55cecd5a5b8d24d3
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer