redline | faf68538c74234956f24612a7b64b4fd3fa9f802e0aa9bbb1e3871524d94ca7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faf68538c74234956f24612a7b64b4fd3fa9f802e0aa9bbb1e3871524d94ca7c
Size

362KB
Sample

220925-sz8hgsfca8
MD5

15d6bb15e85c53fa8d5f2fb6076d7c7b
SHA1

704fb2e0f5c0344031160e0b00976c8864030f23
SHA256

faf68538c74234956f24612a7b64b4fd3fa9f802e0aa9bbb1e3871524d94ca7c
SHA512

9c8e39691f2e501f312f4079de65fac407c88e5faaf3bc05fc75df85c8c0aa55a54a3e2b5a5117372d739ac9d5328a6870f775174dc6641f345fad2536138dd5
SSDEEP

6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Score

10^/10

redline 0002 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

auth_value
866ce0ed8cfe2be77fb43a4912677698

Targets

- Target
  
  faf68538c74234956f24612a7b64b4fd3fa9f802e0aa9bbb1e3871524d94ca7c
- Size
  
  362KB
- MD5
  
  15d6bb15e85c53fa8d5f2fb6076d7c7b
- SHA1
  
  704fb2e0f5c0344031160e0b00976c8864030f23
- SHA256
  
  faf68538c74234956f24612a7b64b4fd3fa9f802e0aa9bbb1e3871524d94ca7c
- SHA512
  
  9c8e39691f2e501f312f4079de65fac407c88e5faaf3bc05fc75df85c8c0aa55a54a3e2b5a5117372d739ac9d5328a6870f775174dc6641f345fad2536138dd5
- SSDEEP
  
  6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score

10^/10

redline 0002 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0002discoveryinfostealerspywarestealer