redline | 9a34d7026fa359ef241926403455d273e6cf3ce8d6ea8878547d71a82d4925b6 | Triage

Sharing

General

Target

9A34D7026FA359EF241926403455D273E6CF3CE8D6EA8.exe
Size

174KB
Sample

231126-rmmvkshh7y
MD5

4674764646aaff52a7ece3c9d5b28e87
SHA1

ae06079e43c783fd9a2a190301635a9bc624a3d1
SHA256

9a34d7026fa359ef241926403455d273e6cf3ce8d6ea8878547d71a82d4925b6
SHA512

95c123f164592b4ef7bec4ba1dae5927f7371ecd8dcaafeb2a3d8f47d03f4dca330ef2e69c2e3741bfacb5477ddee72e2ac9a8a55e070d03f62a1438a8de608b
SSDEEP

3072:Mltwe744I0ieMK1OIdpJlocOHE0Sktv2yjJg8e8hl:Mlto4I0ieMKTfOHE0wyjG

Score

10^/10

redline x12 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

X12

C2

5.161.108.75:24668

Attributes

auth_value
ba759cbb1ede0d3bfed7240e3ee2cda8

Targets

- Target
  
  9A34D7026FA359EF241926403455D273E6CF3CE8D6EA8.exe
- Size
  
  174KB
- MD5
  
  4674764646aaff52a7ece3c9d5b28e87
- SHA1
  
  ae06079e43c783fd9a2a190301635a9bc624a3d1
- SHA256
  
  9a34d7026fa359ef241926403455d273e6cf3ce8d6ea8878547d71a82d4925b6
- SHA512
  
  95c123f164592b4ef7bec4ba1dae5927f7371ecd8dcaafeb2a3d8f47d03f4dca330ef2e69c2e3741bfacb5477ddee72e2ac9a8a55e070d03f62a1438a8de608b
- SSDEEP
  
  3072:Mltwe744I0ieMK1OIdpJlocOHE0Sktv2yjJg8e8hl:Mlto4I0ieMKTfOHE0wyjG
Score

10^/10

redline x12 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinex12discoveryinfostealerspywarestealer

behavioral2

redlinex12discoveryinfostealerspywarestealer