redline | 48a87946d6891f792c328049804cf9ebc92a5fc6ea67076d7efe587adc71644f | Triage

Sharing

General

Target

48a87946d6891f792c328049804cf9ebc92a5fc6ea67076d7efe587adc71644f
Size

411KB
Sample

220211-mbst8sebcp
MD5

0bbcc0c7d18a6793ea27c789d8bd6adf
SHA1

e5cee6e8f8b3906a299cec0fa5136e5742f2734c
SHA256

48a87946d6891f792c328049804cf9ebc92a5fc6ea67076d7efe587adc71644f
SHA512

1432f16a628671cef6e6d62d24be20feac59b12147c8508c0a35df4ccae8e048b595972f7314b865a88d708f8af716286f756a64b0b01e328c1ac3a82d30d2ac

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  48a87946d6891f792c328049804cf9ebc92a5fc6ea67076d7efe587adc71644f
- Size
  
  411KB
- MD5
  
  0bbcc0c7d18a6793ea27c789d8bd6adf
- SHA1
  
  e5cee6e8f8b3906a299cec0fa5136e5742f2734c
- SHA256
  
  48a87946d6891f792c328049804cf9ebc92a5fc6ea67076d7efe587adc71644f
- SHA512
  
  1432f16a628671cef6e6d62d24be20feac59b12147c8508c0a35df4ccae8e048b595972f7314b865a88d708f8af716286f756a64b0b01e328c1ac3a82d30d2ac
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer