redline | e825e151d734179841928b6654cf6c2ab816eab5940d4ecda34c81ccc02e493c | Triage

Sharing

General

Target

e825e151d734179841928b6654cf6c2ab816eab5940d4ecda34c81ccc02e493c
Size

305KB
Sample

240424-pb8lsshf7z
MD5

4a33f52f02aa6fb8f09dff0a6e3196a8
SHA1

03c701f9f0428f319212f8d9dbda49f240318f0c
SHA256

e825e151d734179841928b6654cf6c2ab816eab5940d4ecda34c81ccc02e493c
SHA512

1711a4168fa67fefe7cf397fcb75c02c6757089ffe6c38b45f2f2382ddd025b9b95fb7016c1b4887652d9fdefbf6654b55f60da4fdc9c0d760de3be43972cca2
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  e825e151d734179841928b6654cf6c2ab816eab5940d4ecda34c81ccc02e493c
- Size
  
  305KB
- MD5
  
  4a33f52f02aa6fb8f09dff0a6e3196a8
- SHA1
  
  03c701f9f0428f319212f8d9dbda49f240318f0c
- SHA256
  
  e825e151d734179841928b6654cf6c2ab816eab5940d4ecda34c81ccc02e493c
- SHA512
  
  1711a4168fa67fefe7cf397fcb75c02c6757089ffe6c38b45f2f2382ddd025b9b95fb7016c1b4887652d9fdefbf6654b55f60da4fdc9c0d760de3be43972cca2
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer