redline | c7bb48c7fff6b7c6fe8ae583fb04bcd95109accd8331b02bb63cc0753af7bfc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7bb48c7fff6b7c6fe8ae583fb04bcd95109accd8331b02bb63cc0753af7bfc9
Size

267KB
Sample

230616-p2x8rafa62
MD5

3479feae7c8ca4c88dbfde2e1b346917
SHA1

7a673d1f7722d0563a7accb3fa501c5efe5ea331
SHA256

c7bb48c7fff6b7c6fe8ae583fb04bcd95109accd8331b02bb63cc0753af7bfc9
SHA512

3225ac45925583aeba5fb19d591f3dbcce6a958c1c31a229a293ae19e196fbe67872de291363c7f825cef186f678c3c585b2fb8f940e18dbb2e255b542b1ec8d
SSDEEP

3072:Ekg6cmNdEYWwsqbdyjk2gwILCUm2oIX2BFHEYrFvhbSllz1DucAx:IWs06gwI7m29CLrvbSllzp

Score

10^/10

redline grega discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

grega

C2

83.97.73.130:19061

Attributes

auth_value
16e2fbc2847b2270b3f0679e2dd76c8d

Targets

- Target
  
  c7bb48c7fff6b7c6fe8ae583fb04bcd95109accd8331b02bb63cc0753af7bfc9
- Size
  
  267KB
- MD5
  
  3479feae7c8ca4c88dbfde2e1b346917
- SHA1
  
  7a673d1f7722d0563a7accb3fa501c5efe5ea331
- SHA256
  
  c7bb48c7fff6b7c6fe8ae583fb04bcd95109accd8331b02bb63cc0753af7bfc9
- SHA512
  
  3225ac45925583aeba5fb19d591f3dbcce6a958c1c31a229a293ae19e196fbe67872de291363c7f825cef186f678c3c585b2fb8f940e18dbb2e255b542b1ec8d
- SSDEEP
  
  3072:Ekg6cmNdEYWwsqbdyjk2gwILCUm2oIX2BFHEYrFvhbSllz1DucAx:IWs06gwI7m29CLrvbSllzp
Score

10^/10

redline grega discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegregadiscoveryinfostealerspywarestealer