redline | c6dac98178570146efc904fc4d6bcc5df17709171499498dbcfd055ae7e97c69 | Triage

Sharing

General

Target

82b32f464096b34f47374b935f88264215cedff3ca4207cc4aacf9b7fb6469f3.zip
Size

51KB
Sample

230329-tvaw4aha45
MD5

51ff0ad321cfc99051c6a1634cf05aec
SHA1

391714ac71823b079ba059a3701cc62bb1584be2
SHA256

c6dac98178570146efc904fc4d6bcc5df17709171499498dbcfd055ae7e97c69
SHA512

ecef77bf1854eaad7ed605431716ef52da2af0ca58c9cb9466b84493b336ab55de288f6e33b11f8863129eb6dbf4fe60c4c283c23932c43496c9babb708202f2
SSDEEP

1536:SByuzr/ZantEidwbWUxqB7bBtidOVEO5eZsTugrEr:ST8tEidvtBUsic4CPrEr

Score

10^/10

redline muse discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

muse

C2

176.113.115.145:4125

Attributes

auth_value
b91988a63a24940038d9262827a5320c

Targets

- Target
  
  82b32f464096b34f47374b935f88264215cedff3ca4207cc4aacf9b7fb6469f3
- Size
  
  175KB
- MD5
  
  cdb6a810f86662ee419547e61083cf0b
- SHA1
  
  cbde6fabd9659881263fb6286ca4a9c76dd66e5d
- SHA256
  
  82b32f464096b34f47374b935f88264215cedff3ca4207cc4aacf9b7fb6469f3
- SHA512
  
  86ba160971569d459df6df6007c4f5ef344976b55aeefb043deda091c6f9651f8f15a2f09bed63a4e804836da55dc1807c2d4557d3617c20d9990e5e650d0cbd
- SSDEEP
  
  3072:VxqZWn7aNQYF8ZueD59IhmHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+caq:fqZuZZIh
Score

10^/10

redline muse discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemusediscoveryinfostealerspywarestealer

behavioral2

redlinemusediscoveryinfostealerspywarestealer