redline | dec249cb2b9b5f5a2c528abfc7842225c00c9b1cf8832867ec0b6b212466c651 | Triage

Sharing

General

Target

dec249cb2b9b5f5a2c528abfc7842225c00c9b1cf8832867ec0b6b212466c651
Size

413KB
Sample

220118-ts814scab3
MD5

10ee8311503768bcc4abaa0e1654bd23
SHA1

fc649d194bf4cfea920c73910315e99c38a67bdb
SHA256

dec249cb2b9b5f5a2c528abfc7842225c00c9b1cf8832867ec0b6b212466c651
SHA512

516ec5b4b1063d436058725b4bb0fffa83510ebe965b30fc621f3964109eca82a088c467bfff0439613f6950c2b0c3fa93eee9184e7a1ede3de8e3dbaf2c2756

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Targets

- Target
  
  dec249cb2b9b5f5a2c528abfc7842225c00c9b1cf8832867ec0b6b212466c651
- Size
  
  413KB
- MD5
  
  10ee8311503768bcc4abaa0e1654bd23
- SHA1
  
  fc649d194bf4cfea920c73910315e99c38a67bdb
- SHA256
  
  dec249cb2b9b5f5a2c528abfc7842225c00c9b1cf8832867ec0b6b212466c651
- SHA512
  
  516ec5b4b1063d436058725b4bb0fffa83510ebe965b30fc621f3964109eca82a088c467bfff0439613f6950c2b0c3fa93eee9184e7a1ede3de8e3dbaf2c2756
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer