redline | 4d8bcd6de5da1e7875d2054dbd3852424b11abad68aee29c03b46ca2408626b1 | Triage

Sharing

General

Target

B6A241C754D2E27C4A31D2967AC11ED0.exe
Size

379KB
Sample

240212-wzbqasah4x
MD5

b6a241c754d2e27c4a31d2967ac11ed0
SHA1

4fbab8a04eb9f769540053345f356e960aeaf55f
SHA256

4d8bcd6de5da1e7875d2054dbd3852424b11abad68aee29c03b46ca2408626b1
SHA512

9ae54475dc1fe059426b166d3b759a07542cce1821506d65441bde30aae33eca3f03f10be796e7c1235236643b9e64638ebf3347ec93affc70584ab30c883dc0
SSDEEP

3072:GW+vI883yzGPyLfVhgAaQTTATeju3Lka9BDYlPDBw6dROe8ajVgn:3+QTy6P2rrVuQG+DPDV

Score

10^/10

redline 1373752142_99 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1373752142_99

C2

https://pastebin.com/raw/8baCJyMF

Targets

- Target
  
  B6A241C754D2E27C4A31D2967AC11ED0.exe
- Size
  
  379KB
- MD5
  
  b6a241c754d2e27c4a31d2967ac11ed0
- SHA1
  
  4fbab8a04eb9f769540053345f356e960aeaf55f
- SHA256
  
  4d8bcd6de5da1e7875d2054dbd3852424b11abad68aee29c03b46ca2408626b1
- SHA512
  
  9ae54475dc1fe059426b166d3b759a07542cce1821506d65441bde30aae33eca3f03f10be796e7c1235236643b9e64638ebf3347ec93affc70584ab30c883dc0
- SSDEEP
  
  3072:GW+vI883yzGPyLfVhgAaQTTATeju3Lka9BDYlPDBw6dROe8ajVgn:3+QTy6P2rrVuQG+DPDV
Score

10^/10

redline 1373752142_99 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline1373752142_99discoveryinfostealerspywarestealer

behavioral2

redline1373752142_99discoveryinfostealerspywarestealer