redline | 51ad37b3521da7b605f0a68acc48134f59d04a53e39eb8e1f657b744ca6464a4 | Triage

Sharing

General

Target

51ad37b3521da7b605f0a68acc48134f59d04a53e39eb8e1f657b744ca6464a4
Size

362KB
Sample

220925-nnfwwaeee2
MD5

9db19e99af02e45fe19db139a37625e5
SHA1

7ec5d0f4c75089a1d3691745ba035eccd4d712d6
SHA256

51ad37b3521da7b605f0a68acc48134f59d04a53e39eb8e1f657b744ca6464a4
SHA512

b756e93fb418e0fab0598bb4665dd73ecc3054a5c7da810750a95d2dcb86cd6233c16699c1663ac896a6670524d142ec90eb886d03c8ae788e023096ed9391c5
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  51ad37b3521da7b605f0a68acc48134f59d04a53e39eb8e1f657b744ca6464a4
- Size
  
  362KB
- MD5
  
  9db19e99af02e45fe19db139a37625e5
- SHA1
  
  7ec5d0f4c75089a1d3691745ba035eccd4d712d6
- SHA256
  
  51ad37b3521da7b605f0a68acc48134f59d04a53e39eb8e1f657b744ca6464a4
- SHA512
  
  b756e93fb418e0fab0598bb4665dd73ecc3054a5c7da810750a95d2dcb86cd6233c16699c1663ac896a6670524d142ec90eb886d03c8ae788e023096ed9391c5
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer