redline | 4545c839b596f8d01becff14bb61ab84ee25af14e6ba63a946d0ff58eb0f8275 | Triage

Resubmissions

29-06-2023 01:39

230629-b252psce61 10

29-06-2023 01:35

230629-bz1n7sce6v 10

Sharing

General

Target

Uploader.7z
Size

441KB
Sample

230629-b252psce61
MD5

8ab1a5c8f423bb9b62e68445e542fbcc
SHA1

c0fe62d65887d65af8af9f7acbdf7b0e9ebb7458
SHA256

4545c839b596f8d01becff14bb61ab84ee25af14e6ba63a946d0ff58eb0f8275
SHA512

1ecea21b9fac21e6f34f4ae745d1c8888fe6a8830379d18f7d9472606ae5421e44dbd0da0ade0c9732a273a73b5b86cb85923021e5d6c9ea45320dec8b190129
SSDEEP

12288:XNb5SxTKA36CcwdkTIWrR1eXk51r9o4vZDh6p02p:9OTK4rcqkTBr2CbDw02p

Score

10^/10

redline @cocacolan discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@CocacolaN

C2

185.106.93.193:48563

Attributes

auth_value
62e77e7581a6d46f06f11ff370e3e0d6

Targets

- Target
  
  Setup_x32_x64.exe
- Size
  
  748KB
- MD5
  
  830b68cd5d7602365e22f4276a59c300
- SHA1
  
  e96ae5ba5ddc5bb4f0621f273305a154f1cac6c7
- SHA256
  
  886542b9dbb9d5981313562a2f1a0048fa4e590d762c9714a81675d1c53f332d
- SHA512
  
  4afbd5fab0d401177510c95691f5efb87fa8be534aae764ba81518b08f754b8245327765dc13450adbcb042c84d8bbe692411d8909792bf5415f32e6616c29a2
- SSDEEP
  
  12288:DzaXu1iuIHnVNk7/utyfOCLbnd745u4KUVwVyU4xqodHxiRqwRoOP4ixGZbNCONS:DG+iuaVN2mtyfHvnUWVKdEfoMNixC4if
Score

10^/10

redline @cocacolan discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@cocacolandiscoveryinfostealerspywarestealer