redline | 61a3ea380d7d512b0ac6a71c69c921fc991a2c152e5708be1ce01756baa4723f | Triage

Sharing

General

Target

4b1fdfc993830bdb21e37e3d8a34caa46457c3fddd1ea1422257ee50bdf1c53d.zip
Size

51KB
Sample

230328-ltevnaca3z
MD5

ad4ca84ed27759e583b8c22a6d237a24
SHA1

a71479ed50288df69a0701d63ab83066fb7d3e83
SHA256

61a3ea380d7d512b0ac6a71c69c921fc991a2c152e5708be1ce01756baa4723f
SHA512

2d5d5c69215ca44552ac40802859904fb17d77ae721613244a9b45b074a01098c63b911c98c3f8eff4c3415514559852e79da0210677a0b783de338f6b4b7b38
SSDEEP

1536:TfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBR:H+MHQFHvtKLvhuBR

Score

10^/10

redline from discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Targets

- Target
  
  4b1fdfc993830bdb21e37e3d8a34caa46457c3fddd1ea1422257ee50bdf1c53d
- Size
  
  175KB
- MD5
  
  401f2d4dd664b9c581e3b841720eca35
- SHA1
  
  be68e016d7a63bf9e9c178c97ec0784b2f957405
- SHA256
  
  4b1fdfc993830bdb21e37e3d8a34caa46457c3fddd1ea1422257ee50bdf1c53d
- SHA512
  
  f9f5f5dd78cfba7e2ea95499cd771ebcdece38e773b755f49ff4ae606797ab720f970d71ee3bc271efd3a74d05d67e73d77b1be7ec3ad9e1c3fed302758df7bf
- SSDEEP
  
  3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score

10^/10

redline from discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefromdiscoveryinfostealerspywarestealer

behavioral2

redlinefromdiscoveryinfostealerspywarestealer