redline | 5710c002ecaac45872e12718541219132d88d172e5647ce334cbc27e6d50ded6 | Triage

Sharing

General

Target

5710c002ecaac45872e12718541219132d88d172e5647ce334cbc27e6d50ded6
Size

305KB
Sample

240424-p5alvsac5z
MD5

b1784baee7e305416de476fb6818186a
SHA1

2b476d89f2501467e57e3133d700d0c5bf8ca11f
SHA256

5710c002ecaac45872e12718541219132d88d172e5647ce334cbc27e6d50ded6
SHA512

08de1ec277959bf6bc5ddc3b1579128b5cd81fe03d2fb97ac6200142806685efb596dea506cf7d2f3bb2e036328edbf176e3f9213c5b30c538e9751be63cd628
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  5710c002ecaac45872e12718541219132d88d172e5647ce334cbc27e6d50ded6
- Size
  
  305KB
- MD5
  
  b1784baee7e305416de476fb6818186a
- SHA1
  
  2b476d89f2501467e57e3133d700d0c5bf8ca11f
- SHA256
  
  5710c002ecaac45872e12718541219132d88d172e5647ce334cbc27e6d50ded6
- SHA512
  
  08de1ec277959bf6bc5ddc3b1579128b5cd81fe03d2fb97ac6200142806685efb596dea506cf7d2f3bb2e036328edbf176e3f9213c5b30c538e9751be63cd628
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer