redline | 2e1ce5f06ef45fa6611ad42f54e29830c396c697adbf3013e70d4bde36e31051 | Triage

Sharing

General

Target

2e1ce5f06ef45fa6611ad42f54e29830c396c697adbf3013e70d4bde36e31051
Size

440KB
Sample

220213-m9gjvsbben
MD5

aa3ff9c17a3bcba16cb8a5fb19acfe29
SHA1

364703e2a5e38fe4430e4896de1f8f4c62a2834f
SHA256

2e1ce5f06ef45fa6611ad42f54e29830c396c697adbf3013e70d4bde36e31051
SHA512

38a1846b9f14975b2d7172b8b8d64e5fb055f75d71323154a6dcc5926bc249009dafd4aa58015d0c04b73f391974312f7f48d2afd01a58318956d01bf6eccac0

Score

10^/10

redline noname discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes

auth_value
ee92d883673b7156fdd66cac5fc8d2d0

Targets

- Target
  
  2e1ce5f06ef45fa6611ad42f54e29830c396c697adbf3013e70d4bde36e31051
- Size
  
  440KB
- MD5
  
  aa3ff9c17a3bcba16cb8a5fb19acfe29
- SHA1
  
  364703e2a5e38fe4430e4896de1f8f4c62a2834f
- SHA256
  
  2e1ce5f06ef45fa6611ad42f54e29830c396c697adbf3013e70d4bde36e31051
- SHA512
  
  38a1846b9f14975b2d7172b8b8d64e5fb055f75d71323154a6dcc5926bc249009dafd4aa58015d0c04b73f391974312f7f48d2afd01a58318956d01bf6eccac0
Score

10^/10

redline noname discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenonamediscoveryinfostealerspywarestealer