redline

General

Target

d3ea7d6746f35904fd821dbdd9883e08.exe
Size

285KB
Sample

230703-a8qd6aeb72
MD5

d3ea7d6746f35904fd821dbdd9883e08
SHA1

3e76621a27867506ccf19b424bc98a0ee778f4f0
SHA256

34e583d49b9e513fbd9782feb5d0ff3752f4468c77a012f776fda29cc7630425
SHA512

ecce4649b05e59155b40c270f116de8fb8ed677f50637be013445e0cc612453b68c4712cd8a4bf0c850a7aaa877c370909af2df3cf4b20f57064fa7f38487309
SSDEEP

6144:CLBbSSVN3hCEiL28ruxHrvnz0GvbGjiZWc2:C9bSSVFh7iridPY2GO2

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes

auth_value
9d15d78194367a949e54a07d6ce02c62

Targets

- Target
  
  d3ea7d6746f35904fd821dbdd9883e08.exe
- Size
  
  285KB
- MD5
  
  d3ea7d6746f35904fd821dbdd9883e08
- SHA1
  
  3e76621a27867506ccf19b424bc98a0ee778f4f0
- SHA256
  
  34e583d49b9e513fbd9782feb5d0ff3752f4468c77a012f776fda29cc7630425
- SHA512
  
  ecce4649b05e59155b40c270f116de8fb8ed677f50637be013445e0cc612453b68c4712cd8a4bf0c850a7aaa877c370909af2df3cf4b20f57064fa7f38487309
- SSDEEP
  
  6144:CLBbSSVN3hCEiL28ruxHrvnz0GvbGjiZWc2:C9bSSVFh7iridPY2GO2
Score

10^/10

redline @germany discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2