redline | 711b0e45442e818e03b0b4e750c392600355c48e2ca58cc70ee33b40c0e63bc4 | Triage

Sharing

General

Target

711b0e45442e818e03b0b4e750c392600355c48e2ca58cc70ee33b40c0e63bc4
Size

306KB
Sample

240424-q4lheaah99
MD5

263fac399b03e31bba4efe066a834404
SHA1

52047dd0297dc6dd20aba3d0797ec2d8195e8562
SHA256

711b0e45442e818e03b0b4e750c392600355c48e2ca58cc70ee33b40c0e63bc4
SHA512

7e5daea515cdc4f3f5874182df9f1a37fd8b12fdd51e0ac70e5a85c44a3342ae04f4b8386b7b565b5c939f8ad38a294bf0c15cafcc54f8db23e270ead558bd0b
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  711b0e45442e818e03b0b4e750c392600355c48e2ca58cc70ee33b40c0e63bc4
- Size
  
  306KB
- MD5
  
  263fac399b03e31bba4efe066a834404
- SHA1
  
  52047dd0297dc6dd20aba3d0797ec2d8195e8562
- SHA256
  
  711b0e45442e818e03b0b4e750c392600355c48e2ca58cc70ee33b40c0e63bc4
- SHA512
  
  7e5daea515cdc4f3f5874182df9f1a37fd8b12fdd51e0ac70e5a85c44a3342ae04f4b8386b7b565b5c939f8ad38a294bf0c15cafcc54f8db23e270ead558bd0b
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo infostealer discovery
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespooinfostealer

behavioral2

redlinespoodiscoveryinfostealer