redline

General

Target

607c8e5c6b50f2e6ddc15bac7d48c57a81db1b893fd5ecd8d112c73cd1dc5a52.zip
Size

6.3MB
Sample

230329-s52bcsae31
MD5

7bb2082bff15378f53b9abe6a6bc75b5
SHA1

4db2cd8ea2d98cdcfd6677b22f53aa719f51c38f
SHA256

069ca2e2865e37a2e0e15b701b8cb64a8833ad16e38f2a6b6f7b4025451d1205
SHA512

6a8a78432008c33c91bd4c66c8b05e620561cdee180d6007ef734408c9da53bff0fb8849630d16509a1110b5ffed1b8b0391ea19271efc7fa9589ef4e63bae26
SSDEEP

98304:K9f2/aY5GpkSXfsWaMp1dsc+TvbwvpqUel+JQjBvdZ6uG0do5q2lxRCbqka2:K9/pk8fpakdLmsv/MVCuG2uquw/

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

DARKWEB

C2

89.22.234.180:40608

Attributes

auth_value
cf407bc0c9a8384bb62aa110b7844cfe

Targets

- Target
  
  607c8e5c6b50f2e6ddc15bac7d48c57a81db1b893fd5ecd8d112c73cd1dc5a52
- Size
  
  7.2MB
- MD5
  
  c0897e921672c2619acc5d9ff1329860
- SHA1
  
  683d5c1b0858cd5089e4a60ba344872531584d35
- SHA256
  
  607c8e5c6b50f2e6ddc15bac7d48c57a81db1b893fd5ecd8d112c73cd1dc5a52
- SHA512
  
  696ce43462167d474491fc8dee8cd29ef8d12a1795d6b4e5262332fa58b102a503f5565799f960237b8fa58796391f445856206d70b4b8087f9918399063d4ff
- SSDEEP
  
  196608:FLQ6B/XKUDz9NoUXJzUWi7MYjBVvo5/UVC:ZFlaU/9NZXJZinjB9oxgC
Score

10^/10

redline darkweb discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2