Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
General
Target
Size
Sample
04875c48adccb44ffcb18af8ac581112.exe
377KB
220427-q88thagca7
Score
10/10
MD5
SHA1
SHA256
SHA512
04875c48adccb44ffcb18af8ac581112
e83a38e661ef63de1ba879a1e22186a16d65c358
3cd108b7f88e3c35febc8858c5bfe4d3737d4b5596a0616d0ac259a5333c8b44
932393210b26e7b46c082b7bf441f7a2ad7e622b4cc596336a7733b80f408327a4da713edf9139bda8e98435575041e4e028e28c759a1d8e02bd5f7bac29f4fb
Malware Config
Extracted
| Family | redline |
| Botnet | 1 |
| C2 |
77.232.36.171:31078 |
| Attributes |
auth_value 9570c1130d94c3bb18e6065c4cf89298 |
Targets
Target
MD5
Filesize
04875c48adccb44ffcb18af8ac581112.exe
04875c48adccb44ffcb18af8ac581112
377KB
Score
10/10
SHA1
SHA256
SHA512
e83a38e661ef63de1ba879a1e22186a16d65c358
3cd108b7f88e3c35febc8858c5bfe4d3737d4b5596a0616d0ac259a5333c8b44
932393210b26e7b46c082b7bf441f7a2ad7e622b4cc596336a7733b80f408327a4da713edf9139bda8e98435575041e4e028e28c759a1d8e02bd5f7bac29f4fb
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Legitimate hosting services abused for malware hosting/C2
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
7/10