redline | c1206ad84bf49cd1dc2ed0a33cb97327fc6e54e630bacd3ddd0ba6751fde79b0 | Triage

Sharing

General

Target

SetupMEXX.exe
Size

365KB
Sample

220512-t7j1jachf9
MD5

7370ffed0230ae5356e8ae84124a3d1e
SHA1

55ca5aaae35860b8cc10a6275183330c19ee192c
SHA256

c1206ad84bf49cd1dc2ed0a33cb97327fc6e54e630bacd3ddd0ba6751fde79b0
SHA512

bf17ee8f305edd9ab5f89bd6397af79c41b8a0d48d017e0f2e345f83d4c64bb0d44b372a089d591b0ea6aea8f429a403a050c7358f104bfd8156fb0d18900a25

Score

10^/10

redline 50n discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

50n

C2

193.106.191.190:23196

Attributes

auth_value
d61a9ba1568b3b8e34c959aa0f254969

Targets

- Target
  
  SetupMEXX.exe
- Size
  
  365KB
- MD5
  
  7370ffed0230ae5356e8ae84124a3d1e
- SHA1
  
  55ca5aaae35860b8cc10a6275183330c19ee192c
- SHA256
  
  c1206ad84bf49cd1dc2ed0a33cb97327fc6e54e630bacd3ddd0ba6751fde79b0
- SHA512
  
  bf17ee8f305edd9ab5f89bd6397af79c41b8a0d48d017e0f2e345f83d4c64bb0d44b372a089d591b0ea6aea8f429a403a050c7358f104bfd8156fb0d18900a25
Score

10^/10

redline 50n discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline50ndiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer