Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
390d59f202a84419e6cec97ffde2131e82e92fb9dcbe4a904b7b2eee7abaaf63
General
Target
Size
Sample
390d59f202a84419e6cec97ffde2131e82e92fb9dcbe4a904b7b2eee7abaaf63
407KB
220521-wax71adgam
Score
10 /10
MD5
SHA1
SHA256
SHA512
71bce7d3dc09587a7f7b776d516d8875
6367692ad19ab9947f406d82bbffbc09eccb89db
390d59f202a84419e6cec97ffde2131e82e92fb9dcbe4a904b7b2eee7abaaf63
d67d12723b3a8867aa4720ca3607180ff2ec86c81fb657adf7caa704511569363a962b8023082933f33b6388ae58e93203c8c928f08e95e98e62ad40ccb1248e
Malware Config
Extracted
| Family | redline |
| Botnet | test1 |
| C2 |
185.215.113.75:80 |
| Attributes |
auth_value 7ab4a4e2eae9eb7ae10f64f68df53bb3 |
Targets
Target
MD5
Filesize
390d59f202a84419e6cec97ffde2131e82e92fb9dcbe4a904b7b2eee7abaaf63
71bce7d3dc09587a7f7b776d516d8875
407KB
Score
10/10
SHA1
SHA256
SHA512
6367692ad19ab9947f406d82bbffbc09eccb89db
390d59f202a84419e6cec97ffde2131e82e92fb9dcbe4a904b7b2eee7abaaf63
d67d12723b3a8867aa4720ca3607180ff2ec86c81fb657adf7caa704511569363a962b8023082933f33b6388ae58e93203c8c928f08e95e98e62ad40ccb1248e
Tags
Signatures
-
RedLine
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks