redline | 8d7178c1ffed8cd90cf98754fec35878cd6171be876868ab79df7bd540d59c4a | Triage

Sharing

General

Target

334c858c9629a2126a81774aba358937.exe
Size

442KB
Sample

220805-s1w6vaedf7
MD5

334c858c9629a2126a81774aba358937
SHA1

3e5c980418a587a730f169749266493451e87deb
SHA256

8d7178c1ffed8cd90cf98754fec35878cd6171be876868ab79df7bd540d59c4a
SHA512

ddcbf2f886a38d8bc9865f2d4c812acf38f63d164a32fe8f01b57e649f84281a704aed6e0fb97a6461a002e989cc19c09e80456662ee92aef0f11daaad5112e5

Score

10^/10

redline af2 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

AF2

C2

stcontact.top:80

Attributes

auth_value
4d729a2faecb406a0eb1d6fcf30432fa

Targets

- Target
  
  334c858c9629a2126a81774aba358937.exe
- Size
  
  442KB
- MD5
  
  334c858c9629a2126a81774aba358937
- SHA1
  
  3e5c980418a587a730f169749266493451e87deb
- SHA256
  
  8d7178c1ffed8cd90cf98754fec35878cd6171be876868ab79df7bd540d59c4a
- SHA512
  
  ddcbf2f886a38d8bc9865f2d4c812acf38f63d164a32fe8f01b57e649f84281a704aed6e0fb97a6461a002e989cc19c09e80456662ee92aef0f11daaad5112e5
Score

10^/10

redline af2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineaf2discoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer