redline | e48aa4847a6413fa389e78a59f80cc86b1e7d38f69a2e2b3290bcbfa5d5bd571 | Triage

Sharing

General

Target

09c390f5acede44cb31b70e8a203329b.exe
Size

399KB
Sample

230202-qb3afsad5v
MD5

09c390f5acede44cb31b70e8a203329b
SHA1

2d692742608bdc767a29b3527e2b1dc98feb8052
SHA256

e48aa4847a6413fa389e78a59f80cc86b1e7d38f69a2e2b3290bcbfa5d5bd571
SHA512

66ce5378195405adefe826a38658d6c3105368e3e9d2729b167de4f986d1572e76887fabeae76b768868ddce2bea6f5cd3bc79e06876bb02b0e6da9acf60df93
SSDEEP

6144:7E4LW1pkkK3plu4EgULE0fiq+pzUvbuOR9/CJTk637eQfnd5DxB:JSOLEgULE0aZpzTOR9CJb7d5D

Score

10^/10

redline milaf discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes

auth_value
68aaee25afe3d0ae7d4db09dea02347c

Targets

- Target
  
  09c390f5acede44cb31b70e8a203329b.exe
- Size
  
  399KB
- MD5
  
  09c390f5acede44cb31b70e8a203329b
- SHA1
  
  2d692742608bdc767a29b3527e2b1dc98feb8052
- SHA256
  
  e48aa4847a6413fa389e78a59f80cc86b1e7d38f69a2e2b3290bcbfa5d5bd571
- SHA512
  
  66ce5378195405adefe826a38658d6c3105368e3e9d2729b167de4f986d1572e76887fabeae76b768868ddce2bea6f5cd3bc79e06876bb02b0e6da9acf60df93
- SSDEEP
  
  6144:7E4LW1pkkK3plu4EgULE0fiq+pzUvbuOR9/CJTk637eQfnd5DxB:JSOLEgULE0aZpzTOR9CJb7d5D
Score

10^/10

redline milaf discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemilafdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer