redline | 6f6b411e9e218c48eb6f755f8ed05649f5f5ed050c1ac5443ce46b6ce4e58060 | Triage

Sharing

General

Target

6f6b411e9e218c48eb6f755f8ed05649f5f5ed050c1ac5443ce46b6ce4e58060
Size

362KB
Sample

220925-mfl79aech7
MD5

f853684c9332d5cea1897a0bb95cbf8b
SHA1

7b306ef302a84ae065a5f73449938c102750f7b4
SHA256

6f6b411e9e218c48eb6f755f8ed05649f5f5ed050c1ac5443ce46b6ce4e58060
SHA512

fa67895bce1b291b83f6ddd7ce99da7cc32731b44f590d681b287e07d94ae6df4f04f1d30a2b088cd18d9c9f2e27a9b87ffc3b1fa92bf63afd46fbd22a43e437
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  6f6b411e9e218c48eb6f755f8ed05649f5f5ed050c1ac5443ce46b6ce4e58060
- Size
  
  362KB
- MD5
  
  f853684c9332d5cea1897a0bb95cbf8b
- SHA1
  
  7b306ef302a84ae065a5f73449938c102750f7b4
- SHA256
  
  6f6b411e9e218c48eb6f755f8ed05649f5f5ed050c1ac5443ce46b6ce4e58060
- SHA512
  
  fa67895bce1b291b83f6ddd7ce99da7cc32731b44f590d681b287e07d94ae6df4f04f1d30a2b088cd18d9c9f2e27a9b87ffc3b1fa92bf63afd46fbd22a43e437
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer