redline | 872078df490c1ff85ca676a80e824d9e88fde18257a0a75ce49aebcde12700f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

872078df490c1ff85ca676a80e824d9e88fde18257a0a75ce49aebcde12700f7
Size

360KB
Sample

221217-z7c5wace9t
MD5

7afa58220af645c5cd50639a2739a099
SHA1

953e46ff0e902e75ef1c734afde494b947b8d1de
SHA256

872078df490c1ff85ca676a80e824d9e88fde18257a0a75ce49aebcde12700f7
SHA512

192d7005808a59e7a6ca51a6037ccd8faed7b3b2f0c417a7308749838ffbe47f71c32110a22c3a18c97877a10a465b8d3da9bf22e53e623fe9a5e63a48cdda3f
SSDEEP

6144:ZRCsqezrcVEgeguGmgkS9Ze2NAzXsQ0Ht5Vdfyn6UBsIog+1BjKK96KsFgEkwvoF:ZHx1GDkSx0XsQ0Ht5Vdfyn6UBsIog+1t

Score

10^/10

redline @prds4444 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@prds4444

C2

45.15.156.155:80

Attributes

auth_value
0386a7c01f80a26cf6b4d2aaaf9a35d4

Targets

- Target
  
  872078df490c1ff85ca676a80e824d9e88fde18257a0a75ce49aebcde12700f7
- Size
  
  360KB
- MD5
  
  7afa58220af645c5cd50639a2739a099
- SHA1
  
  953e46ff0e902e75ef1c734afde494b947b8d1de
- SHA256
  
  872078df490c1ff85ca676a80e824d9e88fde18257a0a75ce49aebcde12700f7
- SHA512
  
  192d7005808a59e7a6ca51a6037ccd8faed7b3b2f0c417a7308749838ffbe47f71c32110a22c3a18c97877a10a465b8d3da9bf22e53e623fe9a5e63a48cdda3f
- SSDEEP
  
  6144:ZRCsqezrcVEgeguGmgkS9Ze2NAzXsQ0Ht5Vdfyn6UBsIog+1BjKK96KsFgEkwvoF:ZHx1GDkSx0XsQ0Ht5Vdfyn6UBsIog+1t
Score

10^/10

redline @prds4444 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

@prds4444redline

behavioral1

redline@prds4444discoveryinfostealerspywarestealer