redline | 6388c748c1d4c86ac8c04f3adddd2eff31f3c17df4316d705cbd2b110eee6ddd | Triage

Sharing

General

Target

b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559.zip
Size

51KB
Sample

230328-lp4cfsbh91
MD5

e1008f122f9a3a79c4538de19fd68ae4
SHA1

74f48c0285dc2ea988eabd54e01c7400c75c696c
SHA256

6388c748c1d4c86ac8c04f3adddd2eff31f3c17df4316d705cbd2b110eee6ddd
SHA512

a659d7b4948948c7b828d7d4577a15c193039b56c2c902b72b8e6e2bc69428eba2989cb6c8d1214a39fb11ff5a1c1a934d17be75e9359a2b123e9c16de9326d1
SSDEEP

1536:/fZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBE:L+MHQFHvtKLvhuBE

Score

10^/10

redline from discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Targets

- Target
  
  b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559
- Size
  
  175KB
- MD5
  
  2236dcb32de67abd49e20c06dd1342b7
- SHA1
  
  db5a1d8f34cb4c08472c316ff5c2128388481f2c
- SHA256
  
  b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559
- SHA512
  
  8b0c420f3968057e4a2d1e8159743ae55e6c0fdc0a392b037f71c1cd115889614d400a01e1c8d20c8fb381f386f7485dde5c98fc75996f320fd9d017711a16ca
- SSDEEP
  
  3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score

10^/10

redline from discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefromdiscoveryinfostealerspywarestealer

behavioral2

redlinefromdiscoveryinfostealerspywarestealer