redline | 0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0 | Triage

Sharing

General

Target

0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0.exe
Size

524KB
Sample

240410-bg9t6abc63
MD5

c8edf453ed433cefb2696bb859e0f782
SHA1

e34cf939d6c5a34c7bedfd885249bb7fb15336e5
SHA256

0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0
SHA512

61d0ba50f9678d6614e4d8ab8b06d759891979e0debfda88246871ee110a07c16ceeed4e7baec475b4b63de851bc5d62c69c5ae41674ffc207b94515f6ab197c
SSDEEP

12288:ypFy1/EXmhwdmojNcp/yhBxrQWQAxfUyD4lIx:ypFy1/EXRdUqByWQwf

Score

10^/10

redline 6077866846 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

6077866846

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0.exe
- Size
  
  524KB
- MD5
  
  c8edf453ed433cefb2696bb859e0f782
- SHA1
  
  e34cf939d6c5a34c7bedfd885249bb7fb15336e5
- SHA256
  
  0c5c2b10c3161ad9452c25d4a10e082ec94f0eb39b583c03ab3534a5e45649a0
- SHA512
  
  61d0ba50f9678d6614e4d8ab8b06d759891979e0debfda88246871ee110a07c16ceeed4e7baec475b4b63de851bc5d62c69c5ae41674ffc207b94515f6ab197c
- SSDEEP
  
  12288:ypFy1/EXmhwdmojNcp/yhBxrQWQAxfUyD4lIx:ypFy1/EXRdUqByWQwf
Score

10^/10

redline 6077866846 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline6077866846discoveryinfostealerspywarestealer

behavioral2

redline6077866846discoveryinfostealerspywarestealer