redline | 28c31ac301aacdf4d099775efbed0932ea299ab42b070060b3ef5c3f09338256 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28c31ac301aacdf4d099775efbed0932ea299ab42b070060b3ef5c3f09338256
Size

695KB
Sample

231003-mjvc2abg39
MD5

a9910121056a3c030edc86562000399f
SHA1

82688decc59fd41526632dbc62aa16a224e18bc6
SHA256

28c31ac301aacdf4d099775efbed0932ea299ab42b070060b3ef5c3f09338256
SHA512

59f8a6ebc424b32c133b15c48b0865660b3c1a3b8e10a2183f8da9ed960ccac193def7d7dd22bb755812df433b16fe57d1069a106d1de4354eccb21aca314365
SSDEEP

12288:Il+7jKb4Vv5fpIOiePwGIuYlu71oQC7s2LuF+F9DY2BIkHFcHEU2a1O:zVv5fbPwfkqLDYm

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Targets

- Target
  
  28c31ac301aacdf4d099775efbed0932ea299ab42b070060b3ef5c3f09338256
- Size
  
  695KB
- MD5
  
  a9910121056a3c030edc86562000399f
- SHA1
  
  82688decc59fd41526632dbc62aa16a224e18bc6
- SHA256
  
  28c31ac301aacdf4d099775efbed0932ea299ab42b070060b3ef5c3f09338256
- SHA512
  
  59f8a6ebc424b32c133b15c48b0865660b3c1a3b8e10a2183f8da9ed960ccac193def7d7dd22bb755812df433b16fe57d1069a106d1de4354eccb21aca314365
- SSDEEP
  
  12288:Il+7jKb4Vv5fpIOiePwGIuYlu71oQC7s2LuF+F9DY2BIkHFcHEU2a1O:zVv5fbPwfkqLDYm
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer