redline | 4a0c85e75fcca52f61b535480cc29bfbfb5c43ae333411a7d91f57476b96a444 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a0c85e75fcca52f61b535480cc29bfbfb5c43ae333411a7d91f57476b96a444
Size

362KB
Sample

220925-r3y8jsfag7
MD5

8d18be6c10b0a338922056e57b25bf70
SHA1

29d35016e069036ea9c42e78e5053a9394ce2079
SHA256

4a0c85e75fcca52f61b535480cc29bfbfb5c43ae333411a7d91f57476b96a444
SHA512

5e5516892383c9de68e924de907897e5953cc9e050dae81a5f35e14eeabb46d61be4de594bb3d8248222db052e163a6566af87ebd3dce40a1a82bd9b1947a97f
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  4a0c85e75fcca52f61b535480cc29bfbfb5c43ae333411a7d91f57476b96a444
- Size
  
  362KB
- MD5
  
  8d18be6c10b0a338922056e57b25bf70
- SHA1
  
  29d35016e069036ea9c42e78e5053a9394ce2079
- SHA256
  
  4a0c85e75fcca52f61b535480cc29bfbfb5c43ae333411a7d91f57476b96a444
- SHA512
  
  5e5516892383c9de68e924de907897e5953cc9e050dae81a5f35e14eeabb46d61be4de594bb3d8248222db052e163a6566af87ebd3dce40a1a82bd9b1947a97f
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer