redline | 1d8733e7d7dd121c3517aeef317594330b792bf4cb0fc6b1d75a019d7d9b1bf5 | Triage

Sharing

General

Target

1d8733e7d7dd121c3517aeef317594330b792bf4cb0fc6b1d75a019d7d9b1bf5
Size

362KB
Sample

220925-q2zl9agbcl
MD5

ab26c54d5f1d18ad724d4d85f348129f
SHA1

a954944a19ced3d245a0fe7f4d913d9164e93567
SHA256

1d8733e7d7dd121c3517aeef317594330b792bf4cb0fc6b1d75a019d7d9b1bf5
SHA512

47c6ab5f6224513da4b3ab9bfafa3c0deab06fc918b74e6489d7776bb22d7e6dfb8afd503a8e8a9aaf3868c8026cdc77772b14e332933e855126f241db3813fe
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  1d8733e7d7dd121c3517aeef317594330b792bf4cb0fc6b1d75a019d7d9b1bf5
- Size
  
  362KB
- MD5
  
  ab26c54d5f1d18ad724d4d85f348129f
- SHA1
  
  a954944a19ced3d245a0fe7f4d913d9164e93567
- SHA256
  
  1d8733e7d7dd121c3517aeef317594330b792bf4cb0fc6b1d75a019d7d9b1bf5
- SHA512
  
  47c6ab5f6224513da4b3ab9bfafa3c0deab06fc918b74e6489d7776bb22d7e6dfb8afd503a8e8a9aaf3868c8026cdc77772b14e332933e855126f241db3813fe
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer