redline | dfdfe3682f202f09de9874f5de0ac472cb0c9974b26ee184e818c9bda7c772f1 | Triage

Sharing

General

Target

dfdfe3682f202f09de9874f5de0ac472cb0c9974b26ee184e818c9bda7c772f1
Size

306KB
Sample

240424-qqvh6aaf86
MD5

4ab90d0fc543b940c89814fa26b402d9
SHA1

eb2bc48f287ed8f0888286e6d019c631fd659842
SHA256

dfdfe3682f202f09de9874f5de0ac472cb0c9974b26ee184e818c9bda7c772f1
SHA512

589e4a95940e7719ed5b3ec8b0a1a4cff207142f39a93f61d483caeae4d5b1608e00a855df172c78874219de79c4a2286ee61f9293b714212cef9d5ed1ce3f60
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  dfdfe3682f202f09de9874f5de0ac472cb0c9974b26ee184e818c9bda7c772f1
- Size
  
  306KB
- MD5
  
  4ab90d0fc543b940c89814fa26b402d9
- SHA1
  
  eb2bc48f287ed8f0888286e6d019c631fd659842
- SHA256
  
  dfdfe3682f202f09de9874f5de0ac472cb0c9974b26ee184e818c9bda7c772f1
- SHA512
  
  589e4a95940e7719ed5b3ec8b0a1a4cff207142f39a93f61d483caeae4d5b1608e00a855df172c78874219de79c4a2286ee61f9293b714212cef9d5ed1ce3f60
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer