redline | 8e968b7891d07ccd8047cef765b7cf9fb34c846b864a3b4b30867a2c3460310d | Triage

Sharing

General

Target

8e968b7891d07ccd8047cef765b7cf9fb34c846b864a3b4b30867a2c3460310d
Size

415KB
Sample

220119-ey5tbafccp
MD5

10da2e593e74b7b987189af8be9600d0
SHA1

0c64c3c6dbde1e8826c10476ca38014804e3391e
SHA256

8e968b7891d07ccd8047cef765b7cf9fb34c846b864a3b4b30867a2c3460310d
SHA512

1c630415f6b005c49b7e0ef0f6d246cf67c0990939aa05c80f45f78bfcf41242a337d07a25489423202a77e039b286b40c8dda842be758762511100ef7d82f53

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:34865

Targets

- Target
  
  8e968b7891d07ccd8047cef765b7cf9fb34c846b864a3b4b30867a2c3460310d
- Size
  
  415KB
- MD5
  
  10da2e593e74b7b987189af8be9600d0
- SHA1
  
  0c64c3c6dbde1e8826c10476ca38014804e3391e
- SHA256
  
  8e968b7891d07ccd8047cef765b7cf9fb34c846b864a3b4b30867a2c3460310d
- SHA512
  
  1c630415f6b005c49b7e0ef0f6d246cf67c0990939aa05c80f45f78bfcf41242a337d07a25489423202a77e039b286b40c8dda842be758762511100ef7d82f53
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer