redline | c3cc84baad8724ee6bccf6db8de8fe1c177b8285354a087e79af4c686d1cb3e1 | Triage

Sharing

General

Target

6619ae6f8095b57068069f5897dee10d36870985e6e537dc0c3b06c2db1958fe.zip
Size

51KB
Sample

230328-z1eecsfa9x
MD5

1ecfcf31471c64479ed26b3015316853
SHA1

4449f0bce428b56981dd3625d870e1a3cfa44d38
SHA256

c3cc84baad8724ee6bccf6db8de8fe1c177b8285354a087e79af4c686d1cb3e1
SHA512

bd7713739efcdd90f846b095a7ee951aa505bb6590a2dd9a8f536e9bcd5cfdad1401c967108dc5f84e07edb57d144e6303c1b995d77211af87c9278cf7b8d264
SSDEEP

768:TbJhjZOsyfj0ZwKINQbzWztOw+i9HsyaumA4wWqJ2vcacOyNITgmmhKlZ6YHD:TfZlP+MHWztHF9HVO0acOyNIkmmhhYj

Score

10^/10

redline from discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Targets

- Target
  
  6619ae6f8095b57068069f5897dee10d36870985e6e537dc0c3b06c2db1958fe
- Size
  
  175KB
- MD5
  
  5e37764ee2b604cf15229e03bd48f598
- SHA1
  
  bfa4531d65c9518f46384c545b3fe6a6c8069ae3
- SHA256
  
  6619ae6f8095b57068069f5897dee10d36870985e6e537dc0c3b06c2db1958fe
- SHA512
  
  2cb84d50a1586d04df39e5a1f15247198fdd20a29a669160ff72c38650f67f3c52148ce9b301dba46b31fbcde46a24acf092931b3bfc77cedd7b4c573bf4715c
- SSDEEP
  
  3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score

10^/10

redline from discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefromdiscoveryinfostealerspywarestealer

behavioral2

redlinefromdiscoveryinfostealerspywarestealer