redline | 2c39a961cd7b2249c821ed47521f498f58ff6a76bec097127c2311162daee2bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c39a961cd7b2249c821ed47521f498f58ff6a76bec097127c2311162daee2bb
Size

369KB
Sample

220913-g2qvnsegh5
MD5

0466872a359ffd8364996c083d4de80b
SHA1

d32fcbc7f06d541bee39882b548e677676f9bb03
SHA256

2c39a961cd7b2249c821ed47521f498f58ff6a76bec097127c2311162daee2bb
SHA512

29497b53fa0d1b11d02f1e5f831830f2bdf8d30d3efb1131eccb107cbaf418065a8237dc0fff049a9bc0627e5e51ba18968c6da0f189269b9585ed117055d4c2
SSDEEP

6144:IsdjRn1S1YMlTEkzbq1lknXUJ+g+AiSWhtWHKpC9GjsLKkrKTeN:Td1S1N9Ekzbq1lOjg+MWnQKTjHe

Score

10^/10

redline twick discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

twick

C2

trustedwicky.com:80

Attributes

auth_value
2284521981f16053dae08194ef371cb3

Targets

- Target
  
  2c39a961cd7b2249c821ed47521f498f58ff6a76bec097127c2311162daee2bb
- Size
  
  369KB
- MD5
  
  0466872a359ffd8364996c083d4de80b
- SHA1
  
  d32fcbc7f06d541bee39882b548e677676f9bb03
- SHA256
  
  2c39a961cd7b2249c821ed47521f498f58ff6a76bec097127c2311162daee2bb
- SHA512
  
  29497b53fa0d1b11d02f1e5f831830f2bdf8d30d3efb1131eccb107cbaf418065a8237dc0fff049a9bc0627e5e51ba18968c6da0f189269b9585ed117055d4c2
- SSDEEP
  
  6144:IsdjRn1S1YMlTEkzbq1lknXUJ+g+AiSWhtWHKpC9GjsLKkrKTeN:Td1S1N9Ekzbq1lOjg+MWnQKTjHe
Score

10^/10

redline twick discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetwickdiscoveryinfostealerspywarestealer