redline | 05ad540d6d9375bb3fe7a784ee3eccc5f24f350c968c057422ce5a8a6399ebda | Triage

Sharing

General

Target

B A T pass135.rar
Size

6.3MB
Sample

230913-brcmeabd87
MD5

86fcc3bdee91f37139e5ce209453435c
SHA1

8ab9fdbdcd01ac24ff25b16ae2d7871f87299cc8
SHA256

05ad540d6d9375bb3fe7a784ee3eccc5f24f350c968c057422ce5a8a6399ebda
SHA512

7a31527bec5d3e9caf6ab0e15136422771d4280d853e2ce42a26d3f685b63ae8033a838ee158ce3d3e83587f63e7c4f6f1a04996a3fe3bbe36090dad0919f87d
SSDEEP

196608:VCPFwMRtp6mKM4qNAuFTAqeMvjWgcbFMKqxVlg1AB:VC9wkkmVbAWvjObWxbg+

Score

10^/10

redline 4 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

4

C2

95.217.102.56:34889

Attributes

auth_value
9df53bb7f6419105594518c07e5aa1cb

Targets

- Target
  
  B A T/B A T.exe
- Size
  
  655.4MB
- MD5
  
  a91732f562a017b37e84f3419e735955
- SHA1
  
  81d134d81f6c290ee7ba32d3222003efa4db6d1d
- SHA256
  
  2b65bb4e4d8f3a51b1f549b7b46b05fdf378fb861d3f9e6eded2c4a6bde42ec7
- SHA512
  
  741309f1e007f0b9406c48a7acd3fef4eb89515de89b9d71014a14af8809e09f92bff33acdf7850e1aba36aa12c76dd48c33ade96deb85480514dfcb59071993
- SSDEEP
  
  98304:CT24t+4LP7eHDKtmbwOHE3PfIxGFNN8fDHFjoWn5dX/Li4K2fHmu0Os1/pPAR:CTPl+HpVUbNN8fDHdxLvffG1pAR
Score

10^/10

redline 4 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline4discoveryinfostealerspywarestealer

behavioral2

redline4discoveryinfostealerspywarestealer