redline

General

Target

0x0007000000014145246.dat
Size

170KB
Sample

230505-wrcmmadg8t
MD5

a11e653a61026cdea9517e53378ce06f
SHA1

7de66df8bd0cd91dc2802aad78ded139c4164951
SHA256

216934868ec1697ba95b5cff5b792b8d270ad78eb88d493ab5a5d183860a9080
SHA512

b67d48d4f468a406860f2b87409b8a2c20b8be3dbab2cf1792e2eb092a376846f2a02a661b08755d0a90a0e882d8f18f6bc33a5071cd3d5889823cf0dcc9b276
SSDEEP

1536:TyqlwNqlVZRGWY8HrIGtRSotDaZIPeKNDETGqVqbuFz1CSwx83wYk/8e8hR:Th6D3GtzD263qVeUESwx58e8hR

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

diza

C2

217.196.96.56:4138

Attributes

auth_value
bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets

- Target
  
  0x0007000000014145246.dat
- Size
  
  170KB
- MD5
  
  a11e653a61026cdea9517e53378ce06f
- SHA1
  
  7de66df8bd0cd91dc2802aad78ded139c4164951
- SHA256
  
  216934868ec1697ba95b5cff5b792b8d270ad78eb88d493ab5a5d183860a9080
- SHA512
  
  b67d48d4f468a406860f2b87409b8a2c20b8be3dbab2cf1792e2eb092a376846f2a02a661b08755d0a90a0e882d8f18f6bc33a5071cd3d5889823cf0dcc9b276
- SSDEEP
  
  1536:TyqlwNqlVZRGWY8HrIGtRSotDaZIPeKNDETGqVqbuFz1CSwx83wYk/8e8hR:Th6D3GtzD263qVeUESwx58e8hR
Score

10^/10

redline diza discovery infostealer spyware stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Redline Stealer samples

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2