redline | 966d8abd0c9e9ccfaf38c8a492be749847fed9dea13cf73b513a5185c52b913b | Triage

Sharing

General

Target

1808eb6f26588ff256c9b10375b234d1.exe
Size

400KB
Sample

230202-rb5k9acc75
MD5

1808eb6f26588ff256c9b10375b234d1
SHA1

97366eb321d08a208163c45d4fe184b753227a88
SHA256

966d8abd0c9e9ccfaf38c8a492be749847fed9dea13cf73b513a5185c52b913b
SHA512

a9ffb090630dbb58f859955ebecb3ed344f0c8d911c1926a829d6fa2eb199fc44f4f25ce5d7d50e8542f0a4159c6be709b598324ac625c40da50554f325b5783
SSDEEP

6144:L3enLGybhxIojXIbqPx7G2y32e6CoLoyHXjPNxx59/CJTk637eQfnd5YtBD:ga0pXIuxG2y3F6CooCPNv59CJb7d5

Score

10^/10

redline milaf discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes

auth_value
68aaee25afe3d0ae7d4db09dea02347c

Targets

- Target
  
  1808eb6f26588ff256c9b10375b234d1.exe
- Size
  
  400KB
- MD5
  
  1808eb6f26588ff256c9b10375b234d1
- SHA1
  
  97366eb321d08a208163c45d4fe184b753227a88
- SHA256
  
  966d8abd0c9e9ccfaf38c8a492be749847fed9dea13cf73b513a5185c52b913b
- SHA512
  
  a9ffb090630dbb58f859955ebecb3ed344f0c8d911c1926a829d6fa2eb199fc44f4f25ce5d7d50e8542f0a4159c6be709b598324ac625c40da50554f325b5783
- SSDEEP
  
  6144:L3enLGybhxIojXIbqPx7G2y32e6CoLoyHXjPNxx59/CJTk637eQfnd5YtBD:ga0pXIuxG2y3F6CooCPNv59CJb7d5
Score

10^/10

redline milaf discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemilafdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer