redline

General

Target

9cda3093dddacbd05e0e9c8ce7320c73320ff2ea4b66ca3578b5b4fd9dc80fe2.zip
Size

254KB
Sample

230308-ndbjeafc5v
MD5

53f2e1a3196a9d4b0a94a34d95b69dfd
SHA1

9ee0c6bbf631d2d3e3f3fbef37edd8c8eb4ae441
SHA256

288bf5d46733be998f20042ad71d1e7b27939c1432eee437b1b0f738625dce95
SHA512

b7668288dac8c77ec0f2ba9baa77dfdc5f1dcac907d6e3a2346c0206f564aa383d1dc14accca4e481003dff14d1d4b6106bc2497e6c90341e2f8f6ff18f37f7f
SSDEEP

6144:dRfJ3CgDNL3QB0zfMqk6OwDN9G4yZqahyQTxiys3zw8ilrfKx7:DfJ562PkFIzy2QV11l2B

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

auth_value
cddc991efd6918ad5321d80dac884b40

Targets

- Target
  
  9cda3093dddacbd05e0e9c8ce7320c73320ff2ea4b66ca3578b5b4fd9dc80fe2.exe
- Size
  
  365KB
- MD5
  
  69fb73e283630210dcb0e9b400a1ee4c
- SHA1
  
  f746b5f15ebf476579d0705720ab4daec3306e41
- SHA256
  
  9cda3093dddacbd05e0e9c8ce7320c73320ff2ea4b66ca3578b5b4fd9dc80fe2
- SHA512
  
  ee9062a2b4a2ece85c000e369dd1bc1815ce159c87235cba0e36e7a26f7548c28d4c6dfe9a10b22addbe7b1f8c2cd9972446925a5e57fa0644d9c617cda1784f
- SSDEEP
  
  6144:YY0L64nRBgQZ50kxyZCQj4pPIuVBNX++ZbE8GqcdPQrixxAAY4eZu:YY0O4RBgQwsyZj4pPlxu+ZQ8id4rixxH
Score

10^/10

redline fud discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2