redline | 8a4f4b3b718131212e0edc9cedb98fe4257c5b7392aaabd3b5e617ddf049e138 | Triage

Sharing

General

Target

8a4f4b3b718131212e0edc9cedb98fe4257c5b7392aaabd3b5e617ddf049e138
Size

305KB
Sample

240424-psn9gsaa26
MD5

03e4e67eeb6a83fe04296019872a9fd7
SHA1

fb36a74665a9b07a018243302b07e38ab7624cef
SHA256

8a4f4b3b718131212e0edc9cedb98fe4257c5b7392aaabd3b5e617ddf049e138
SHA512

091bdfdcc3ce6b12445494e9dd8dd220bb0b582b229188c0be1baabd53d6b0af1a8e16650770413d679821656468061d74e47a17daaf27e316a250c34d535b41
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  8a4f4b3b718131212e0edc9cedb98fe4257c5b7392aaabd3b5e617ddf049e138
- Size
  
  305KB
- MD5
  
  03e4e67eeb6a83fe04296019872a9fd7
- SHA1
  
  fb36a74665a9b07a018243302b07e38ab7624cef
- SHA256
  
  8a4f4b3b718131212e0edc9cedb98fe4257c5b7392aaabd3b5e617ddf049e138
- SHA512
  
  091bdfdcc3ce6b12445494e9dd8dd220bb0b582b229188c0be1baabd53d6b0af1a8e16650770413d679821656468061d74e47a17daaf27e316a250c34d535b41
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinespoodiscoveryinfostealerspywarestealer