redline | 100ddd4c404dc0ac79dfba3e7b07334fd7e3be00dff91bad4a51f3d016ceba9a | Triage

Sharing

General

Target

100ddd4c404dc0ac79dfba3e7b07334fd7e3be00dff91bad4a51f3d016ceba9a
Size

1.2MB
Sample

230512-w2lnaagc7v
MD5

08a94e694b988f03b214ebd2439f8986
SHA1

05085b96b8935bd54a8dfcc165036ea1cbd0807c
SHA256

100ddd4c404dc0ac79dfba3e7b07334fd7e3be00dff91bad4a51f3d016ceba9a
SHA512

8f6ea7785860567b7e4eaa713121abca3c67756e1362763b2de374485f847f90750e62f13398f4df2c0f830aa688071de4e40cfcc646645590992392a37211ad
SSDEEP

24576:yygW/ahz40l+M5iyCY12GB56F0PznAjkV+vWXKFrmR3:ZghM0lj1CYQGKF0PbAAVuL

Score

10^/10

redline doma fuga discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Extracted

Family

redline

Botnet

fuga

C2

185.161.248.75:4132

Attributes

auth_value
7c5144ad645deb9fa21680fdaee0d51f

Targets

- Target
  
  100ddd4c404dc0ac79dfba3e7b07334fd7e3be00dff91bad4a51f3d016ceba9a
- Size
  
  1.2MB
- MD5
  
  08a94e694b988f03b214ebd2439f8986
- SHA1
  
  05085b96b8935bd54a8dfcc165036ea1cbd0807c
- SHA256
  
  100ddd4c404dc0ac79dfba3e7b07334fd7e3be00dff91bad4a51f3d016ceba9a
- SHA512
  
  8f6ea7785860567b7e4eaa713121abca3c67756e1362763b2de374485f847f90750e62f13398f4df2c0f830aa688071de4e40cfcc646645590992392a37211ad
- SSDEEP
  
  24576:yygW/ahz40l+M5iyCY12GB56F0PznAjkV+vWXKFrmR3:ZghM0lj1CYQGKF0PbAAVuL
Score

10^/10

redline doma fuga discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomafugadiscoveryinfostealerpersistencespywarestealer