redline | 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4 | Triage

Sharing

General

Target

6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
Size

306KB
Sample

240424-qp27lsaf78
MD5

dbeb12a1da97ee2f02e1d71d1624d5ff
SHA1

30afa05b95b7c82b777bd09aa0c3525995b34a20
SHA256

6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
SHA512

c728b73741278d0bd0cf1f4048bd953e6f8cf52848ccd600d0713d0584f04b75504d19343f383de68df94665a41e1bc80a6df10aaefef64a2e85188837031c55
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
- Size
  
  306KB
- MD5
  
  dbeb12a1da97ee2f02e1d71d1624d5ff
- SHA1
  
  30afa05b95b7c82b777bd09aa0c3525995b34a20
- SHA256
  
  6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
- SHA512
  
  c728b73741278d0bd0cf1f4048bd953e6f8cf52848ccd600d0713d0584f04b75504d19343f383de68df94665a41e1bc80a6df10aaefef64a2e85188837031c55
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer