redline | a3b4e3fd8555d92a91de7ea794bcdc801fac630af22e7fee1f9927af0c3ec625 | Triage

Sharing

General

Target

a3b4e3fd8555d92a91de7ea794bcdc801fac630af22e7fee1f9927af0c3ec625
Size

327KB
Sample

220211-h2ryeadhfn
MD5

b623e3467a36eaec79f0f42ed24bd412
SHA1

76813a9b9fb1baf8d9b271b34aae423f443ed700
SHA256

a3b4e3fd8555d92a91de7ea794bcdc801fac630af22e7fee1f9927af0c3ec625
SHA512

e04043cb3957fded31295b2129564d36613dcc674a21af09714e42bd255259f63600acb0c5b481592d4b13d30cb2fa9c3aff961e8e077df1fe5cf3e1cf15e756

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  a3b4e3fd8555d92a91de7ea794bcdc801fac630af22e7fee1f9927af0c3ec625
- Size
  
  327KB
- MD5
  
  b623e3467a36eaec79f0f42ed24bd412
- SHA1
  
  76813a9b9fb1baf8d9b271b34aae423f443ed700
- SHA256
  
  a3b4e3fd8555d92a91de7ea794bcdc801fac630af22e7fee1f9927af0c3ec625
- SHA512
  
  e04043cb3957fded31295b2129564d36613dcc674a21af09714e42bd255259f63600acb0c5b481592d4b13d30cb2fa9c3aff961e8e077df1fe5cf3e1cf15e756
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer