redline

Resubmissions

01-04-2023 13:09

230401-qdr79sab75 10

01-04-2023 13:05

230401-qbx1qsbe6t 3

Sharing

Copy URL

Twitter E-mail

General

Target

https://bit.ly/40EzzTq
Sample

230401-qdr79sab75

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@im_HiLLi

37.220.87.8:42823

Attributes

auth_value
52bf9dde344e4860030827f790e28cca

Targets

- Target
  
  https://bit.ly/40EzzTq
Score

10^/10

redline @im_hilli infostealer persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1