redline | 4a99fc5806c37ba4c288f41b0fbd7b7e37e7196f9a142adb1acd57d24ee2e076 | Triage

Sharing

General

Target

Genshin_pwAPSK.zip
Size

6.6MB
Sample

230712-ktts5scf27
MD5

f3ad2afca4a169c83515d3a2f3af2763
SHA1

422abd87db87608e01515bd48894629c5109d617
SHA256

4a99fc5806c37ba4c288f41b0fbd7b7e37e7196f9a142adb1acd57d24ee2e076
SHA512

0809c17d5865c92323ea9cc9b0d051fce7890ede242648c1079cd1ec735f895ec22ce983992b51845cdd87ff0f33fe558f734a74f7dfae03cbde8d7341d382ef
SSDEEP

98304:Jzm8NdzxDdVf0ObBYWV7QpCil/OzKGr0nEEXeX0EMokkw1:J1ldRbnV5imvYnEEXeX0ERw1

Score

10^/10

redline 2 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

2

C2

65.21.118.109:42825

Attributes

auth_value
94b6263d6b4ea59b523674dfddf3486c

Targets

- Target
  
  Genshin_pwAPSK/Genshin_pwAPSK.exe
- Size
  
  655.5MB
- MD5
  
  a661688709a110c18c98b093c7635516
- SHA1
  
  4b39e15fe4d0ce5560d3f0749d348dac657bb962
- SHA256
  
  38607130947eb1abe492d68e81f3b393b146a9c631a3101aebe775def4c0123b
- SHA512
  
  d838fce78dae4c56abaf6e5cac0d57f121823f92fa56f037e34724fb7b49660cf6251c08144e9322ae174b3448b34ca87145f68ae1d4fc91261df6360bb45015
- SSDEEP
  
  98304:kC0Md5Z5XT1dNfYiFToQVVUJial16fuu5I9Ee9eZioI8Q0:lT5DT1dHFrVna41q9Ee9eZio7
Score

10^/10

redline 2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2discoveryinfostealerspywarestealer