Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
552aee85ce0218f98f82f01eb6ce6443f4a0fa639dacdb765a10c6a5cdef257e
General
Target
Size
Sample
552aee85ce0218f98f82f01eb6ce6443f4a0fa639dacdb765a10c6a5cdef257e
330KB
220127-nvt23sccd3
Score
10 /10
MD5
SHA1
SHA256
SHA512
38dc9a14d4df83a0d9ca119501611ee1
f359950816fc5f6acd30fa67449cbb8516fddb55
552aee85ce0218f98f82f01eb6ce6443f4a0fa639dacdb765a10c6a5cdef257e
51a5f8345237e0375f331bb8618cfed4f435e4e987793f14e0c3752108b8f93857591cd16ae12860acaafef4d7fb45f1cd3bc212815f06961cfd8a0ea6cb9cfa
Malware Config
Extracted
| Family | redline |
| Botnet | noname |
| C2 |
185.215.113.29:20819 |
Targets
Target
MD5
Filesize
552aee85ce0218f98f82f01eb6ce6443f4a0fa639dacdb765a10c6a5cdef257e
38dc9a14d4df83a0d9ca119501611ee1
330KB
Score
10/10
SHA1
SHA256
SHA512
f359950816fc5f6acd30fa67449cbb8516fddb55
552aee85ce0218f98f82f01eb6ce6443f4a0fa639dacdb765a10c6a5cdef257e
51a5f8345237e0375f331bb8618cfed4f435e4e987793f14e0c3752108b8f93857591cd16ae12860acaafef4d7fb45f1cd3bc212815f06961cfd8a0ea6cb9cfa
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks