redline | bdd57b59cb70b1f9520aaaf91771f31542e984eb37b94494de791649e54f10d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdd57b59cb70b1f9520aaaf91771f31542e984eb37b94494de791649e54f10d9
Size

337KB
Sample

230202-xzwadaef97
MD5

c65c426d5dcd0d53c0c02186c13b3632
SHA1

46f57e441cbca9aebfd3b0629246a1a4e17c2cd6
SHA256

bdd57b59cb70b1f9520aaaf91771f31542e984eb37b94494de791649e54f10d9
SHA512

6bcc0bb747676411e32b6cb8d3d2bfa125327b915d7be6cc162ef266e496f35ad19e3109947450437bcb3f4833ff12b31e2f4cbb7c43e101ac0468f8fbc53dbe
SSDEEP

6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Score

10^/10

redline 24.01 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

24.01

C2

37.220.86.164:29170

Attributes

auth_value
1c7f0aa21138601b5201a3a4a0123991

Targets

- Target
  
  bdd57b59cb70b1f9520aaaf91771f31542e984eb37b94494de791649e54f10d9
- Size
  
  337KB
- MD5
  
  c65c426d5dcd0d53c0c02186c13b3632
- SHA1
  
  46f57e441cbca9aebfd3b0629246a1a4e17c2cd6
- SHA256
  
  bdd57b59cb70b1f9520aaaf91771f31542e984eb37b94494de791649e54f10d9
- SHA512
  
  6bcc0bb747676411e32b6cb8d3d2bfa125327b915d7be6cc162ef266e496f35ad19e3109947450437bcb3f4833ff12b31e2f4cbb7c43e101ac0468f8fbc53dbe
- SSDEEP
  
  6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Score

10^/10

redline 24.01 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline24.01discoveryinfostealerspywarestealer