redline

General

Target

0cca99711baf600eb030bbfcf279faf74c564084e733d.exe
Size

175KB
Sample

230209-sra71she36
MD5

30132c45c2305b287d96a3ad8158e9e3
SHA1

c89477868792dbfc6abeb3016e4fcc542b01bea1
SHA256

0cca99711baf600eb030bbfcf279faf74c564084e733df3d9e98bea3e4e2f45f
SHA512

1f6ccbaf0787c9bc61f568c4398374426961fc73ed7ea38c75e27d7025a9df6f93ea111297a6a02acdeea52845067e222e681f278dc7278d834fbbb6be98b74e
SSDEEP

3072:+xqZWjHaJIppUsqT9U6eE5iKh6rxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOu/:kqZ3sqTGZKh

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

nocrypt

C2

176.113.115.17:4132

Attributes

auth_value
4fc7cda1ab5883a6197f20f517ce2a8c

Targets

- Target
  
  0cca99711baf600eb030bbfcf279faf74c564084e733d.exe
- Size
  
  175KB
- MD5
  
  30132c45c2305b287d96a3ad8158e9e3
- SHA1
  
  c89477868792dbfc6abeb3016e4fcc542b01bea1
- SHA256
  
  0cca99711baf600eb030bbfcf279faf74c564084e733df3d9e98bea3e4e2f45f
- SHA512
  
  1f6ccbaf0787c9bc61f568c4398374426961fc73ed7ea38c75e27d7025a9df6f93ea111297a6a02acdeea52845067e222e681f278dc7278d834fbbb6be98b74e
- SSDEEP
  
  3072:+xqZWjHaJIppUsqT9U6eE5iKh6rxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOu/:kqZ3sqTGZKh
Score

10^/10

redline nocrypt discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2