redline

General

Target

d8d88d5850ac88aa2069cdeb0a232a89.bin
Size

85KB
Sample

231126-cgpdwsee5x
MD5

db80722090ea128905a06ae4a3028453
SHA1

d88f87a4a6fe4d4237b4fb05ea2ae31ac80d29bf
SHA256

737fa003e59e86ebf835b524c3e47d6448cf1dfaf31555630584c017dc82d783
SHA512

f1cf06ca391e380ade0594d20c267a4d1c3ee68199fb3e869151dde306a36ddbceef4469a05f740f102d51265029cf2aaab21f58485681788d756b767f2c3f6c
SSDEEP

1536:DwOgKxiz3MxyyhB+s9xQJDtyereLJlr1A6lS9izakheW04Lym:DwOgIGMxy+BRmtgeaLJlr1ZlS9gr0Gym

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

sq3

C2

194.169.175.220:30615

Targets

- Target
  
  fe5d827752446c287c581f1c20b559f66b477e98ddf453d3fbaeeb6419aa792d.exe
- Size
  
  219KB
- MD5
  
  d8d88d5850ac88aa2069cdeb0a232a89
- SHA1
  
  d361fd111d2a5145670a5f8739915f2786cb111a
- SHA256
  
  fe5d827752446c287c581f1c20b559f66b477e98ddf453d3fbaeeb6419aa792d
- SHA512
  
  2fef4034ba2beadc5a84b5c1163dd58ed2f583a910b4511dd9437fe2c1e2c27639771642386437b53aecfc57c8375b905eae3dbb835ba8ae969d7727e65ffd11
- SSDEEP
  
  3072:6693FTitU7pNgcAfimrHV7+9IWQ8ARSdhs1Sc9eOCd4NpKSo:669V+tU7pNgcARrHV040vs1SstCd4Nk
Score

10^/10

redline sq3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2