redline

General

Target

18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71.zip
Size

51KB
Sample

230328-m97faaaf42
MD5

dc1faee13b4c855531403d1db67953f1
SHA1

8e9b0b5904c773bfddeb24ec83a9c1d7cc9aed94
SHA256

fb06e98648bae830fea25956f014839ca82611521a58d79ccc54ff5403a7df75
SHA512

17e39f1895c5fcd00caa518908cd419f5a073c2801b68e95000bfb56d4ed53490e29718a1aa355c027856394d1cb842bdbf28e0f87d384424a87dc1a3702ba5e
SSDEEP

1536:HOuTeTnE72ASTtQX6MZPDjAWi6t3qQVPwRyeMJRDf:HJyTnE7HSiX6MZPDjAQZqQVPwRyZJ5f

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

fort

C2

193.233.20.33:4125

Attributes

auth_value
5ea5673154a804d8c80f565f7276f720

Targets

- Target
  
  18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71
- Size
  
  175KB
- MD5
  
  aa7167ada927ebbde1ce31f267c49221
- SHA1
  
  9299fd3277965396a96a569aade89e6f4cfbdd15
- SHA256
  
  18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71
- SHA512
  
  139a35258e93f52434f4c3bb201037d86432688a4b778c726ddaa8a7180c0c22010eda1aaa4f9f5124bda4c0a6438a2a957c3717818ba069e2b485983b97849b
- SSDEEP
  
  3072:ExqZWjfa8oty3NhMkRq4MeV59kh4rxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jQ:aqZCNhM8h9kh
Score

10^/10

redline fort discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2