redline | d378bbf249a91273ed467359e6e604b84030b161521cf621092dbf5767bf2deb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

485KB
Sample

230109-htsjzagh3s
MD5

6158318928d7c1766fdcfaa709a7abc3
SHA1

8e97d01124e506d2eb3a8dc2a214209c12e36177
SHA256

d378bbf249a91273ed467359e6e604b84030b161521cf621092dbf5767bf2deb
SHA512

9030f42975360b0c56fb7cba0d5b9b7a2b614e5b5ed80e2ab0d1ac473ffb4c1ce21fbd1f20b167039e44f781d21759d1e61d14968335b89bba16cf021eb51baa
SSDEEP

6144:qxX8cu4pLaCQCXmIwytBvQNieHfV56BMW7ALzj9yY7GSHUitRFCFuedWc++g:qxX8NE2CQCXm7ytehVkMFjGSRt+++g

Score

10^/10

redline @new@2023 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

auth_value
8284279aedaed026a9b7cb9c1c0be4e4

Targets

- Target
  
  file.exe
- Size
  
  485KB
- MD5
  
  6158318928d7c1766fdcfaa709a7abc3
- SHA1
  
  8e97d01124e506d2eb3a8dc2a214209c12e36177
- SHA256
  
  d378bbf249a91273ed467359e6e604b84030b161521cf621092dbf5767bf2deb
- SHA512
  
  9030f42975360b0c56fb7cba0d5b9b7a2b614e5b5ed80e2ab0d1ac473ffb4c1ce21fbd1f20b167039e44f781d21759d1e61d14968335b89bba16cf021eb51baa
- SSDEEP
  
  6144:qxX8cu4pLaCQCXmIwytBvQNieHfV56BMW7ALzj9yY7GSHUitRFCFuedWc++g:qxX8NE2CQCXm7ytehVkMFjGSRt+++g
Score

10^/10

redline @new@2023 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@new@2023discoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer