redline | 5f04df0c974ee91a5e85d658134edc0456516206c7b7ca9f4cb2e1feb7abe161 | Triage

Sharing

General

Target

5f04df0c974ee91a5e85d658134edc0456516206c7b7ca9f4cb2e1feb7abe161
Size

406KB
Sample

220118-3z5fyaeaf5
MD5

fe57a8dbb636e41c41680471692c752e
SHA1

8a887ce51acb784bd0be016a249ed46669a55e1c
SHA256

5f04df0c974ee91a5e85d658134edc0456516206c7b7ca9f4cb2e1feb7abe161
SHA512

1b522a3d13c9f8edf4fb1cc2020a9ebdae36c30743a36660ee23e4663aba7cfa41130f10d299d89f5028d659481ab685b3da7a20d2ba4b0fa3280328b9d8e458

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Targets

- Target
  
  5f04df0c974ee91a5e85d658134edc0456516206c7b7ca9f4cb2e1feb7abe161
- Size
  
  406KB
- MD5
  
  fe57a8dbb636e41c41680471692c752e
- SHA1
  
  8a887ce51acb784bd0be016a249ed46669a55e1c
- SHA256
  
  5f04df0c974ee91a5e85d658134edc0456516206c7b7ca9f4cb2e1feb7abe161
- SHA512
  
  1b522a3d13c9f8edf4fb1cc2020a9ebdae36c30743a36660ee23e4663aba7cfa41130f10d299d89f5028d659481ab685b3da7a20d2ba4b0fa3280328b9d8e458
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer