redline | ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c | Triage

Sharing

General

Target

ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
Size

305KB
Sample

240424-m9klhshb31
MD5

7fed789833fd278836d05b0a498598b7
SHA1

0da9370052f61661f03467276954e708887ab9c8
SHA256

ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
SHA512

5e2a2fb3e229d1274376f10d4fdef72f628bb9784ae650e68c95511b4403f0d68fa8f964144acb9ae926dcf232817992eab9882abf0814a8980f7828bc721f12
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
- Size
  
  305KB
- MD5
  
  7fed789833fd278836d05b0a498598b7
- SHA1
  
  0da9370052f61661f03467276954e708887ab9c8
- SHA256
  
  ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
- SHA512
  
  5e2a2fb3e229d1274376f10d4fdef72f628bb9784ae650e68c95511b4403f0d68fa8f964144acb9ae926dcf232817992eab9882abf0814a8980f7828bc721f12
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer