Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
General
Target
Size
Sample
d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
489KB
220202-r2xckaacgp
Score
10 /10
MD5
SHA1
SHA256
SHA512
183a84c3d59fa6de2b34b5ccbc32637c
6e30576335ccda4544d4120af63317e634dc49ed
d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
bb273052914d30ad66191950a301f9899cf28d7ac52ea3d0a1c1cf1e02f8ffcfccffce031533fcf5d6b39aaf139185dcce683f32fe4b01e55bcb4d21291fa495
Malware Config
Extracted
| Family | redline |
| Botnet | 1 |
| C2 |
stata2021.best:21675 |
Targets
Target
MD5
Filesize
d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
183a84c3d59fa6de2b34b5ccbc32637c
489KB
Score
10/10
SHA1
SHA256
SHA512
6e30576335ccda4544d4120af63317e634dc49ed
d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
bb273052914d30ad66191950a301f9899cf28d7ac52ea3d0a1c1cf1e02f8ffcfccffce031533fcf5d6b39aaf139185dcce683f32fe4b01e55bcb4d21291fa495
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks