redline | dddd1f4852284a22e53db376d378a10d6506244d4301feb75b76562d69b75f8e | Triage

Sharing

General

Target

dddd1f4852284a22e53db376d378a10d6506244d4301feb75b76562d69b75f8e
Size

385KB
Sample

220212-abddbsfdbn
MD5

87aebc733ec375c95b3426e04b5f08ae
SHA1

2f4c8d7443240d3abf83ac1c1685de6c9694f274
SHA256

dddd1f4852284a22e53db376d378a10d6506244d4301feb75b76562d69b75f8e
SHA512

740fbce2b390c28cae058cc10a9ec4b582d72ae6dec62b990871a603c49074320da9d23ddbbc57dda5e2ad3b6a6406fd79f4afd568114fa7c4e8fcff5a2c62b8

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  dddd1f4852284a22e53db376d378a10d6506244d4301feb75b76562d69b75f8e
- Size
  
  385KB
- MD5
  
  87aebc733ec375c95b3426e04b5f08ae
- SHA1
  
  2f4c8d7443240d3abf83ac1c1685de6c9694f274
- SHA256
  
  dddd1f4852284a22e53db376d378a10d6506244d4301feb75b76562d69b75f8e
- SHA512
  
  740fbce2b390c28cae058cc10a9ec4b582d72ae6dec62b990871a603c49074320da9d23ddbbc57dda5e2ad3b6a6406fd79f4afd568114fa7c4e8fcff5a2c62b8
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer