redline | 63ce59383e624a3bd55fb701b45370064a3571e0468717631a5989572a0c6a09 | Triage

Sharing

General

Target

63ce59383e624a3bd55fb701b45370064a3571e0468717631a5989572a0c6a09
Size

386KB
Sample

220117-kwahaahdcq
MD5

49d5d469cf0b226f784f4526e8c81726
SHA1

af8517883991359e5a6e0abb17f3a84d5e09a18b
SHA256

63ce59383e624a3bd55fb701b45370064a3571e0468717631a5989572a0c6a09
SHA512

eda7faa7fada31642a2b53dffb56fa5a84736c647a3702781475b920808514dc0f1d1fbbe915d78e3ae76a7fdd015ea429c8d6ec1a44e0a1744a9e4fe4e75d2d

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Targets

- Target
  
  63ce59383e624a3bd55fb701b45370064a3571e0468717631a5989572a0c6a09
- Size
  
  386KB
- MD5
  
  49d5d469cf0b226f784f4526e8c81726
- SHA1
  
  af8517883991359e5a6e0abb17f3a84d5e09a18b
- SHA256
  
  63ce59383e624a3bd55fb701b45370064a3571e0468717631a5989572a0c6a09
- SHA512
  
  eda7faa7fada31642a2b53dffb56fa5a84736c647a3702781475b920808514dc0f1d1fbbe915d78e3ae76a7fdd015ea429c8d6ec1a44e0a1744a9e4fe4e75d2d
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer