redline | b9aa61846e9d50ff33c90a39774e279c0be758bac554c5d3ac790292b04a20ec | Triage

Sharing

General

Target

b9aa61846e9d50ff33c90a39774e279c0be758bac554c5d3ac790292b04a20ec
Size

465KB
Sample

220213-c8nxfafbcp
MD5

939254f31dde6a19f4274f878be72f3a
SHA1

fae0abafaef0fd4c72e9a548b1c4a80b230a4b05
SHA256

b9aa61846e9d50ff33c90a39774e279c0be758bac554c5d3ac790292b04a20ec
SHA512

f7595b30332a5a9b5a88a74f849ef27a106d6ef32bfa7141b29978e4db9459d89e8a6e955c9b6a01c3121f78143612f2208030cd620dc999ccb69c0f66bce632

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  b9aa61846e9d50ff33c90a39774e279c0be758bac554c5d3ac790292b04a20ec
- Size
  
  465KB
- MD5
  
  939254f31dde6a19f4274f878be72f3a
- SHA1
  
  fae0abafaef0fd4c72e9a548b1c4a80b230a4b05
- SHA256
  
  b9aa61846e9d50ff33c90a39774e279c0be758bac554c5d3ac790292b04a20ec
- SHA512
  
  f7595b30332a5a9b5a88a74f849ef27a106d6ef32bfa7141b29978e4db9459d89e8a6e955c9b6a01c3121f78143612f2208030cd620dc999ccb69c0f66bce632
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer