redline | 52c577f7b3d48d2c38fbe75615acd65756ac6d234125129824db4f902c90905b | Triage

Sharing

General

Target

52c577f7b3d48d2c38fbe75615acd65756ac6d234125129824db4f902c90905b
Size

306KB
Sample

240424-rg1jgsbc52
MD5

15f965db1341008df96145eaf9ab1d78
SHA1

3bd2143c8def37fbb5a16ef2405abf83db69a6d8
SHA256

52c577f7b3d48d2c38fbe75615acd65756ac6d234125129824db4f902c90905b
SHA512

c5d934ed1f30084ed1deb7e72b2199e59143534b1457b192bce8be5c6f352afb6074c04c8a53655b22a7e64ce587d50731a2a51c074f3db08bdc890f2601d049
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  52c577f7b3d48d2c38fbe75615acd65756ac6d234125129824db4f902c90905b
- Size
  
  306KB
- MD5
  
  15f965db1341008df96145eaf9ab1d78
- SHA1
  
  3bd2143c8def37fbb5a16ef2405abf83db69a6d8
- SHA256
  
  52c577f7b3d48d2c38fbe75615acd65756ac6d234125129824db4f902c90905b
- SHA512
  
  c5d934ed1f30084ed1deb7e72b2199e59143534b1457b192bce8be5c6f352afb6074c04c8a53655b22a7e64ce587d50731a2a51c074f3db08bdc890f2601d049
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer