redline | 6bfe5cb75305012b4f0ada1eebfaf4014246ba16bd9c1cc10c287cdb03a8785b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c130145c2fccbb9bd335b123bad50a91.bin
Size

89KB
Sample

231126-cf8q5sec74
MD5

c7f8051b9d1b752dc37edc225577f114
SHA1

a7be3ac0ac45c5a5d17ad149019a5f4ee1062433
SHA256

6bfe5cb75305012b4f0ada1eebfaf4014246ba16bd9c1cc10c287cdb03a8785b
SHA512

802977e770b26e284da0ee27e43ae6b21e31608a4833615754d33b38c0ce0da35f8a635ddd7974ae98b31dc9f81b2b6a1fe3341027fa621aaf4563ff9e7d75bf
SSDEEP

1536:jPKEfpj9D3dNt/3lJaZ21G01mMZllNWwU1hgmgRZf02v/UOKe5:mEfpj97Df2hgmOlNqbg4nOKe5

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

5.42.65.101:40676

Attributes

auth_value
0c2a949c5b174438ca3af428500614d8

Targets

- Target
  
  052e63367e14824f06834174b31fdbc4762a133046979fb1d588452bdf301d7e.exe
- Size
  
  213KB
- MD5
  
  c130145c2fccbb9bd335b123bad50a91
- SHA1
  
  34278ca42f1ece8cb02a4eb9e1db0f31b7f2f261
- SHA256
  
  052e63367e14824f06834174b31fdbc4762a133046979fb1d588452bdf301d7e
- SHA512
  
  62024f254370dafa6b7b40434d6cd8f9841fbf791ec111158d81f6acf7b6327ab1eca0f04ab29fd96062ababbb6bf43f159a39993e24480d2bace63882a3e781
- SSDEEP
  
  3072:THCae+du/k9T2yVhdxwVdZ5NqGefxzQx0Vt0VlNu3Y94o:HlZjmVdDgGeKCVtP30
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer