redline

General

Target

07220efd22672ef2e12ca128a2b05fb624e8552a21090e97de7efc95541be327
Size

291KB
Sample

221225-xy6dysfb5s
MD5

b044009b6d4e941d59193aba6a678c1d
SHA1

cf9d3c62b5529bd515d7ecb20b77715ecb336f46
SHA256

9516c93803444711be4f380e9a7c058cbdd65e77ed7a805d12a348373e922a96
SHA512

322304c1f5195d9bbbd4dae4ca72b9835733cf7a257c6d07d9d2bd19c75689e0bc12b3d3fb97195aaa21696d38fdc0f220a461253984dd89a0475eac5e2609f3
SSDEEP

6144:24wazSc0z2uAAFUSSnw4du5YWy5PaKtswZk2J+Cz/NTEfSGd:9s2b23S0YW8yKrpz/w

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

auth_value
8284279aedaed026a9b7cb9c1c0be4e4

Targets

- Target
  
  07220efd22672ef2e12ca128a2b05fb624e8552a21090e97de7efc95541be327
- Size
  
  373KB
- MD5
  
  a9d63a425135a5c316cf4f219ecf05ad
- SHA1
  
  141debc2caa634930244221c7c0322317bd4eb86
- SHA256
  
  07220efd22672ef2e12ca128a2b05fb624e8552a21090e97de7efc95541be327
- SHA512
  
  9e4da708ed150d60ee8af46c9cd285f86b8d010a5d51adc1feac6442bfe5ab486d03ac55d31862301fd95a925190240ef74426df388904b86761cbaa45024f87
- SSDEEP
  
  6144:lLeYRuUrMVz2uAAXUCSnw4DuVYWy5PyKtswZkw78J/7jRGymI:lyUO2bOlSMYW86KrYV7jfm
Score

10^/10

redline @new@2023 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2