redline | ad20867cdb7c79f58f4e46f56cfe21fb5053010f7743e60b925730b4f8d5207a | Triage

Sharing

General

Target

ad20867cdb7c79f58f4e46f56cfe21fb5053010f7743e60b925730b4f8d5207a
Size

340KB
Sample

220210-tve6taaebm
MD5

a6f866a5f220adb221a4898338fc4647
SHA1

bee0540187d9032dc74f1eed9300dfe4b35db9c3
SHA256

ad20867cdb7c79f58f4e46f56cfe21fb5053010f7743e60b925730b4f8d5207a
SHA512

5f9c9d8fb1bec828bef145a30a7d508bba3a6dca5e3c8a9b3827d5c05548b745a43e111cb8f66717eff4e6d4652e7901251ae783f514e783b27708c36e4ffc2d

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  ad20867cdb7c79f58f4e46f56cfe21fb5053010f7743e60b925730b4f8d5207a
- Size
  
  340KB
- MD5
  
  a6f866a5f220adb221a4898338fc4647
- SHA1
  
  bee0540187d9032dc74f1eed9300dfe4b35db9c3
- SHA256
  
  ad20867cdb7c79f58f4e46f56cfe21fb5053010f7743e60b925730b4f8d5207a
- SHA512
  
  5f9c9d8fb1bec828bef145a30a7d508bba3a6dca5e3c8a9b3827d5c05548b745a43e111cb8f66717eff4e6d4652e7901251ae783f514e783b27708c36e4ffc2d
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer