redline | c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a | Triage

Sharing

General

Target

c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
Size

306KB
Sample

240424-rnjvbabd39
MD5

fa4ab5265dea71f2fa6469a55de1d30c
SHA1

ccd82a282edb641691f4e07f7d49c89882ebf635
SHA256

c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
SHA512

810832b1fdfa3309adb99587d52529c4f54351a958f841ddc0f8d1c69964e2b20e9e89b2add0ef2178f9c717679a9e5e1a200a38c51ccb10666919518dd65253
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
- Size
  
  306KB
- MD5
  
  fa4ab5265dea71f2fa6469a55de1d30c
- SHA1
  
  ccd82a282edb641691f4e07f7d49c89882ebf635
- SHA256
  
  c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
- SHA512
  
  810832b1fdfa3309adb99587d52529c4f54351a958f841ddc0f8d1c69964e2b20e9e89b2add0ef2178f9c717679a9e5e1a200a38c51ccb10666919518dd65253
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer