redline

General

Target

711748edc57eba5c2f8eae155.bin
Size

114KB
Sample

230630-q2lqdseb2w
MD5

2075c0769f942e5b2ad15437d79e9962
SHA1

c7baf38a6a69f4809c255f1359ab8f094dc9fe87
SHA256

c19c856f5ad1b0d9c421c2a265da54d65bab9b6bcf763a8f7003454b0a00f8bd
SHA512

67ac64f7283d3c6c975da0494a441cea863ec4752c7ccd091c9c16456a5d8d17d78d517ebb60b51c7760bc69c32f13b423298dcfaa3fdc8ecc7fe002ab14559d
SSDEEP

3072:1cRhgwm3vpQFzMtT6wxDV/K3C3eWfNiiaXQ/FNr:1cRhglHK3MeEiiaXQ/X

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes

auth_value
e94dff9a76da90d6b000642c4a52574b

Targets

- Target
  
  824802b8de1d5007ebfd0449d1131ef31aec0b5f84fc39fe721fecb9b116007f.exe
- Size
  
  260KB
- MD5
  
  711748edc57eba5c2f8eae155b0b6db2
- SHA1
  
  4ffa6285972fdc3c5c08addd3d880714b2a2c4b9
- SHA256
  
  824802b8de1d5007ebfd0449d1131ef31aec0b5f84fc39fe721fecb9b116007f
- SHA512
  
  fa27c751d2bcedde5e0c24751a8c574144a21cd74e2497a457683bb1c14e48f125439802b99850b024b7d47102c2f6462b058a873f7cf287c9a9b6646061f9f9
- SSDEEP
  
  3072:oUdOnuE1wkPUowtyeBpqKAnn3uKQnNBC34Gvk5DO71KsVR5pN8SkH2oWBtawqU6B:oBuE1wY+pq5nnn5pS5rWaPgYdLaMwEX
Score

10^/10

redline lux3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2