redline

General

Target

927fa2810d057f5b7740f9fd3d0af3c9.bin
Size

317KB
Sample

240122-cycfnaeddj
MD5

bd8e36bd5f1a72c35e90ef0c565cffda
SHA1

0e1fdce57a4faa4a1656a999583f48a0c12e6275
SHA256

e5331799723ae13300f9a49b5588662a116adf662d373e4fea33c3b13b636b40
SHA512

7cc96025534ea6e3ab94ce75257f9a9a652a9b936bc16e3d38f13d854424338839d914c71ed7da828489e1b96c5edeb04a731edf32bc74187270b30ad467d42f
SSDEEP

6144:/sIdyErr7JsSYUNIjzLjxJNbgkS2VVIKA7Br1kDGznje:/dUIpsSYkIjzZVS2VxIB2snC

Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@RLREBORN Cloud TG: @FATHEROFCARDERS)

C2

141.95.211.148:46011

Targets

- Target
  
  9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9.exe
- Size
  
  329KB
- MD5
  
  927fa2810d057f5b7740f9fd3d0af3c9
- SHA1
  
  b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
- SHA256
  
  9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
- SHA512
  
  54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8
- SSDEEP
  
  6144:Y2A0vtQBor7oi2eemoLa9VBdH/Mz1KKd619AqUAwZuav:FA0v4ovo8NoLm5s5duBUAwJ
Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2