redline

General

Target

NEAS.692a63b81b65b897ec74222d796c0b80.exe
Size

276KB
Sample

231117-fcgd9sfb39
MD5

692a63b81b65b897ec74222d796c0b80
SHA1

b7a4b61ddf5bc6d5c394b7c9711301dda05ea664
SHA256

e51d0b81ca8d23771538b6f9f787293c86fb78ad2d30fb09a57a9f8bc301dac7
SHA512

e2ac0657abbd7aed771e4be35fc709e572d138b50f501ccae3f203baf63559dccdd65c0b3dc954de375aada412bf5e5c7bf843e3ded0784d957fd87bf9ab8fe8
SSDEEP

6144:zD6cswHTGkIdf487tQi2iklho8Jixi0d:zNswzCj3kr1f0

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

194.169.175.235:42691

Targets

- Target
  
  NEAS.692a63b81b65b897ec74222d796c0b80.exe
- Size
  
  276KB
- MD5
  
  692a63b81b65b897ec74222d796c0b80
- SHA1
  
  b7a4b61ddf5bc6d5c394b7c9711301dda05ea664
- SHA256
  
  e51d0b81ca8d23771538b6f9f787293c86fb78ad2d30fb09a57a9f8bc301dac7
- SHA512
  
  e2ac0657abbd7aed771e4be35fc709e572d138b50f501ccae3f203baf63559dccdd65c0b3dc954de375aada412bf5e5c7bf843e3ded0784d957fd87bf9ab8fe8
- SSDEEP
  
  6144:zD6cswHTGkIdf487tQi2iklho8Jixi0d:zNswzCj3kr1f0
Score

10^/10

redline @oleh_ps discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2