redline

General

Target

9aa8737202bac7dcc71ef4c77939f82b.bin
Size

118KB
Sample

240201-dbr39sbfgn
MD5

5606cb01fad8bd003345488fb18e4f95
SHA1

485e25863470fb73db3e8a3cdfe31b87b94911dd
SHA256

eb4a47653abbe7e92a1d264521f00e82b485bf14fdde046aaa4291f495ae96f9
SHA512

cc31b20810d219e80e0ce86ebf2974e3c721b4565ce44b65f0dd58aad01f8dce07bbc49b0467911813ff9728c8182dc78c3af683bdd41c55b613161977683068
SSDEEP

3072:5A1v4KT/+pVSljF5ZFlQCHloEKD735vNFBqGK3cv:yiKb+T+/ZIEaZ7pv3BqGKe

Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@RLREBORN Cloud TG: @FATHEROFCARDERS)

C2

141.95.211.148:46011

Targets

- Target
  
  a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff.exe
- Size
  
  313KB
- MD5
  
  9aa8737202bac7dcc71ef4c77939f82b
- SHA1
  
  25b29b7274fb3ef7d16052f8400d24540621aff9
- SHA256
  
  a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff
- SHA512
  
  aa55987a32b3e259376594df68a2008007353953a2bf390b44b908e5fdaee181d3b216aec46f8679aa5f5e4164a0a412511621c6249d3cab7e1eba86d8494a7a
- SSDEEP
  
  3072:UA0KubVwL+uacYOFq70W09SIg8DJn5MxfCpWLMRqfjDv/YheqiOL2bBO2:8Qpaw40r8IDYx64MRqfjD4jL
Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2