redline

General

Target

3186169465bd21bcff1362b757e31e4a82ee4708688cdf8af09817395a483ee5
Size

282KB
Sample

230114-vld3tsag83
MD5

8e13779be55d650188d40676e1be4423
SHA1

fa204748b01a3a472f64dfe83a8b6635a4efd3c0
SHA256

c8e23dd4e92ba580281a114b964ab19438515b66979c86f15cdd337a787fde87
SHA512

5e72a1dc96543c68a8e8d209455b614a65bcf29b81d43ff2b2aa7991be6f271d92c71a10e50d649cdabee49718835228a9f8d73160ceda9791123ae987a714d8
SSDEEP

6144:qFW2oZgrul0tO20vkiL9cxKTJF4laJ20C5wto5OQ/GnHjtj:qs0BtOxvNL9XFWTaooQ/eHjtj

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@2023@New

C2

91.215.85.155:32796

Attributes

auth_value
0be5b9b84cd5b707e91a48e341e3f7d7

Targets

- Target
  
  3186169465bd21bcff1362b757e31e4a82ee4708688cdf8af09817395a483ee5
- Size
  
  381KB
- MD5
  
  ad959f501915b133e131007c51a0f818
- SHA1
  
  ce444aeaf0f55cb436f8e4ca9fd1a3346f966a3c
- SHA256
  
  3186169465bd21bcff1362b757e31e4a82ee4708688cdf8af09817395a483ee5
- SHA512
  
  b8cba1d00430e8bdf276332c7adb59a134c3661e7a3a33c91a85bf070d38a7b295cd9086d6954c7b3df788e5caf85dfb7a233fa5f04f85721bd625de319b7998
- SSDEEP
  
  6144:s00JDcGYtg20vkiH9cxKzJF4laJ3mG5LJfCMRSKpgpRjFE:s001c9tgxvNH9jFWAmG5Z3RSKSL
Score

10^/10

redline @2023@new discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2