redline | b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f | Triage

Sharing

General

Target

b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
Size

305KB
Sample

240424-pbb8lahf56
MD5

179132e5f0a9fe8551ed7de8abb3869c
SHA1

a6bb6b5a7e5a76be631ece1ab9bfff2b6e3c2e83
SHA256

b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
SHA512

ea32252086b1fa023869896ed93d3aea4c2ac29d4f163dbb6831bbdb489d1756087a32c9da57e4529a284d129305250e9d60c2aeb8bfed2cb73347e39eff7dae
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
- Size
  
  305KB
- MD5
  
  179132e5f0a9fe8551ed7de8abb3869c
- SHA1
  
  a6bb6b5a7e5a76be631ece1ab9bfff2b6e3c2e83
- SHA256
  
  b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
- SHA512
  
  ea32252086b1fa023869896ed93d3aea4c2ac29d4f163dbb6831bbdb489d1756087a32c9da57e4529a284d129305250e9d60c2aeb8bfed2cb73347e39eff7dae
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer