redline | c4aa93ecd2b250a4af9e9e58ddcc768fa17f074a02424b9c159a1486fb04fecd | Triage

Sharing

General

Target

BattleBit _ysEUxB.zip
Size

6.3MB
Sample

230712-hy68xscc88
MD5

1c2bdd5cc6abd0d0aa7bccbedaa8b085
SHA1

c1182177c409e288c55cb2d1694b450b84755f4d
SHA256

c4aa93ecd2b250a4af9e9e58ddcc768fa17f074a02424b9c159a1486fb04fecd
SHA512

7fdf905151a24357a07ca6149de2d69352fc6aafbba547f4fdb2de5df33e417d1389c5e368b6e6c9bcf16b7dae2bd4f92f378747902a36c284f363df58d3d5ca
SSDEEP

98304:yxTFAtNCdKWxHWN2+lSbNQ7xygu3TtihekUWhYPTv4sJj3s8zBljZjF:CKCdbHWN2FQ0gJ4keD4sJwuBl9jF

Score

10^/10

redline 2 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

2

C2

65.21.118.109:42825

Attributes

auth_value
94b6263d6b4ea59b523674dfddf3486c

Targets

- Target
  
  BattleBit _ysEUxB/BattleBit _ysEUxB.exe
- Size
  
  655.4MB
- MD5
  
  5c1001bd5aea9b4b0ae525576350950f
- SHA1
  
  65607a87b3f3d7214526c28e1062a27a0363d264
- SHA256
  
  bc07079ca0ad1e20090245c14b7d7b5976678ca3854947b24a64e3334df4b99f
- SHA512
  
  1709e0148ed14daabe3885e3dae475a2ff7491983e11f42ad940e5691f70a571efe7158fb732d01b8486460e49ad2bc1c6761041f33136e169d82ff97d69ad27
- SSDEEP
  
  98304:m43tpINuCfbWcd7Hzk7H07lu4UtbtEh+waQb2vTT6QJN3A87Ptnxa:m4P0fSp0k4rUweH6QJ6SPtM
Score

10^/10

redline 2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2discoveryinfostealerspywarestealer