redline | 07eafe28c2ff321dd164f60e65eff5622d5a208acf08908e6f5e51ce74fde59e | Triage

Sharing

General

Target

password_2022.rar
Size

1.9MB
Sample

221011-11ln4sgef8
MD5

9f3f73081b04e4dd31d460314b1a02bd
SHA1

faf6415a2962855ac4de8c9526676afa9e512320
SHA256

07eafe28c2ff321dd164f60e65eff5622d5a208acf08908e6f5e51ce74fde59e
SHA512

aa0df16155c8e048ea28498ea04be64601ab3c3cad17696219674ee82066e560ede688c1593a60d252c1906c0a2bfde8e45a33576f00c8ebd67da761f89da289
SSDEEP

49152:CdDlBZEoex0CPzvoeM4RUljX1sR6bG6pwecPTJ6wilj/wc:9Wx4R2jX2EIPTJ6wilrwc

Score

10^/10

redline 4 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

4

C2

185.112.83.147:17431

Attributes

auth_value
36e644f98af4e704e0ff8db3a587fdb4

Targets

- Target
  
  password 2022/1-1.scr
- Size
  
  715.0MB
- MD5
  
  b0a38f0a315ff80630c62eb81bc5daf0
- SHA1
  
  0bb1b18b3a144b29b46ca2932ba6a562f9d4b4d8
- SHA256
  
  c0f743fd14be816dd7c598ea9d61cd84d55d7994c1756e2f752a229106926a0a
- SHA512
  
  86b30248d9b0d7c53c6888e0dec388e0b38d12fa1a1e93606d7ae90a4f1d2e800da616be76b00559a1d90f21fbe94cc68be3b09f2919201d98c5d4fa17a4d078
- SSDEEP
  
  24576:+Vo7uE0Oab8xook2OoYQYzzK52QbgWC3yNaarmNZS8hDpAj+5ugpUPiSrcw84obn:wMOYSwiAGVvtTeRdZEHQJfQuB38V+5
Score

10^/10

redline 4 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline4discoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer