redline

General

Target

9e626d06441e87a2ffab2cea65f9045b9c79b46283191c9a952b2003d24830f8.zip
Size

51KB
Sample

230328-ngsbbscc9t
MD5

d5832a0e0562fbffce3cbdafdddc0196
SHA1

b7779151568dfd31112e507a7c524dba72124006
SHA256

d30da3c4d4eb3e1d4907e5c1d724eba9c5f569e3ac7710a0515f50a49c6353cf
SHA512

f0832b62ba84e08d48c48bc54135a03e67e27e69044bbdfefd8c2dce93527f2e570aec59bd852970be90840a2881e93df2243c4e9ac68eba20be909fc1a2020f
SSDEEP

1536:QBTU2C1KW+X1pX20w6Q7mwOxaurbncg+AU+s0jDbBc8CJ:QBAr1R+l85U4urb3++DbBoJ

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

renta

C2

176.113.115.145:4125

Attributes

auth_value
359596fd5b36e9925ade4d9a1846bafb

Targets

- Target
  
  9e626d06441e87a2ffab2cea65f9045b9c79b46283191c9a952b2003d24830f8
- Size
  
  175KB
- MD5
  
  39a69fbac75d44b18ce687df5317d8ab
- SHA1
  
  2a9db16e727e75bf606a0f67e5fa265e2fa7b305
- SHA256
  
  9e626d06441e87a2ffab2cea65f9045b9c79b46283191c9a952b2003d24830f8
- SHA512
  
  d7e59a39f3570699cbe26701bbec468012b8c3f1594da8168391df8659155294353784dd7c45b2f4f43394fce9283a3faed8616797d1cd5438f4b8513af8d7a9
- SSDEEP
  
  3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh
Score

10^/10

redline renta discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2