redline

General

Target

434caf5cabec8d128658d3f1eb1ff0f0856eaa8ef3ee951af654d5367c23dc27
Size

271KB
Sample

230101-pwyx4abf84
MD5

85eb69c38238bac6647c1322a7521d7e
SHA1

27a727fe19132e8c72a9399419e2b2631c4ca44c
SHA256

0dc42adad2d39986a438aa7d8b0c8b87dda267ace7b3620d970036686ab880bc
SHA512

1fabaa40fabca4af76d3c121dabe03bf7a672af0f73cc5ac1f18fa91e78d6b70c209e1eba4c8057e7d796f018067af44aa4bb852cfbbb1b692e8307d194443aa
SSDEEP

6144:+ipGOUFU3OQ163Y5xgRkctLzHfQDFkAr88lMfDbRlzzuazB0:jr73OLUxgRztv/QZrqBxlB0

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@2023@New

C2

91.215.85.155:32796

Attributes

auth_value
0be5b9b84cd5b707e91a48e341e3f7d7

Targets

- Target
  
  434caf5cabec8d128658d3f1eb1ff0f0856eaa8ef3ee951af654d5367c23dc27
- Size
  
  360KB
- MD5
  
  fe4d2b6d3b1fc79d30486232d06551b1
- SHA1
  
  57f0987bbf7b2af968fd38c48f3ff1f07a95660b
- SHA256
  
  434caf5cabec8d128658d3f1eb1ff0f0856eaa8ef3ee951af654d5367c23dc27
- SHA512
  
  e9968ed955e3ff25e99a1c94389ed75ea6200cea7f2f87c7c641af4dc4f4bd58ff2a4c9fff2e96115b87ca0440db6a6d70f55ba42e659c2bfe8ed668fce8eaca
- SSDEEP
  
  6144:CCLeIzviVdr7X5xg/kctLzHXQDFkAz88lMfD01ov/sSZY:CCnzYnxg/ztv3QZzqoC/s
Score

10^/10

redline @2023@new discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2