redline | 7506d250b6387d0e1cabc8d85310c96dc3c6ac6ad16283c9c47a6007803d2018 | Triage

Sharing

General

Target

7506d250b6387d0e1cabc8d85310c96dc3c6ac6ad16283c9c47a6007803d2018
Size

465KB
Sample

220213-jcqvgsfdd6
MD5

2dfa65a909ea7a4d10bffdb82b32a084
SHA1

217331d93b863dd4915dd0d09cc7d2e221ceb94a
SHA256

7506d250b6387d0e1cabc8d85310c96dc3c6ac6ad16283c9c47a6007803d2018
SHA512

a6d2a9941772fbabd0d53d2a0f2539f8ac47c0264f6cd1450a26828913a15e2c0c149c2e5f517016d465446d9830dc782d7a7f787415d4669c9ad0bfe1b3491e

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  7506d250b6387d0e1cabc8d85310c96dc3c6ac6ad16283c9c47a6007803d2018
- Size
  
  465KB
- MD5
  
  2dfa65a909ea7a4d10bffdb82b32a084
- SHA1
  
  217331d93b863dd4915dd0d09cc7d2e221ceb94a
- SHA256
  
  7506d250b6387d0e1cabc8d85310c96dc3c6ac6ad16283c9c47a6007803d2018
- SHA512
  
  a6d2a9941772fbabd0d53d2a0f2539f8ac47c0264f6cd1450a26828913a15e2c0c149c2e5f517016d465446d9830dc782d7a7f787415d4669c9ad0bfe1b3491e
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer