redline

General

Target

479802dc2034092c395527ea7dba682821a8f0d7f562e3f831e218f7d1aa79c5
Size

291KB
Sample

221229-adqrfafa8s
MD5

bc52d90dc8c42ad4908cf2a26108c4bf
SHA1

9f11a6731c7a9552bb2cfe5b90b2151ca9bd11b1
SHA256

d1df00d8ae5cea7d7c1f8977454a9740a17e2f3408d9c490f5dc11d05226d572
SHA512

3c3832396a33ec56962c32dc4011b96787eb2eb63aae353bf18423651b250456cb1c4e5af6e1846d2d2214bb2cdc2a63c73b131d256f5badae1e9ecd0f8e11ce
SSDEEP

6144:sQEP2WYVH6RHybOXW+15Qq1wRvWT66h+1mLtwfHxJBYnSm:HDHuQ+1j1AmBe5fRJm

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

auth_value
8284279aedaed026a9b7cb9c1c0be4e4

Targets

- Target
  
  479802dc2034092c395527ea7dba682821a8f0d7f562e3f831e218f7d1aa79c5
- Size
  
  382KB
- MD5
  
  0a819349c3bf5433e85d55cb98cd22c4
- SHA1
  
  e106c5003044a8318fa7de4f01ebd3746fc5ab32
- SHA256
  
  479802dc2034092c395527ea7dba682821a8f0d7f562e3f831e218f7d1aa79c5
- SHA512
  
  219c8e2af76505be3ff966ffe4fefc082f533d8f763c4c365d6b1d6e1d6a7e1e88e3e774ef91f10effebe3502f96bd4c62c4a45caad25aebadbdff146437a02c
- SSDEEP
  
  6144:dQLaghjsybOXW+n5Qq1wRfWT66h+1iLtwfRVSzMrP61YDZ:Wtv+nj1WmBe9fDSzMr
Score

10^/10

redline @new@2023 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2