redline

General

Target

da4f7ab4335741da73cdc9d9e8ec197aeb015aad2e149c8e903e9854fc8b2381
Size

5.5MB
Sample

221014-178gfsegek
MD5

24592dbf8073fce528cd270cd8fba5e1
SHA1

f50fb2cd1772cc4bb336e8f1aeade9e12a65a817
SHA256

da4f7ab4335741da73cdc9d9e8ec197aeb015aad2e149c8e903e9854fc8b2381
SHA512

21e4147ce76080488f532683f273978112cb1aa1262e7c5bfb9c16c7bf84f8289b9c5d8894f5bb8cf90e9262873f21563d636492bb90a020537c27335ad481a5
SSDEEP

49152:0PFJCvLqOaSTK5ISawpVpVliC8Tkx4HS2TQ:0PFsjqOaSFUN2T

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

ANUBIS13

C2

185.215.113.217:25060

Attributes

auth_value
4df54404f211b2ab9f27688b8eb20b17

Targets

- Target
  
  da4f7ab4335741da73cdc9d9e8ec197aeb015aad2e149c8e903e9854fc8b2381
- Size
  
  5.5MB
- MD5
  
  24592dbf8073fce528cd270cd8fba5e1
- SHA1
  
  f50fb2cd1772cc4bb336e8f1aeade9e12a65a817
- SHA256
  
  da4f7ab4335741da73cdc9d9e8ec197aeb015aad2e149c8e903e9854fc8b2381
- SHA512
  
  21e4147ce76080488f532683f273978112cb1aa1262e7c5bfb9c16c7bf84f8289b9c5d8894f5bb8cf90e9262873f21563d636492bb90a020537c27335ad481a5
- SSDEEP
  
  49152:0PFJCvLqOaSTK5ISawpVpVliC8Tkx4HS2TQ:0PFsjqOaSFUN2T
Score

10^/10

redline anubis13 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2