redline | 14eaeb52e4ee63e83ac0c70a55c53f0b489cde8a52dffc86ac457cf6402a1bba | Triage

Sharing

General

Target

14eaeb52e4ee63e83ac0c70a55c53f0b489cde8a52dffc86ac457cf6402a1bba
Size

306KB
Sample

240424-smhfjacc2w
MD5

60304b8e9348e2ddf5933e6ab8a3539d
SHA1

5a131b0e4e9f80c68262b4b4df7dcfb1e3cb1b8b
SHA256

14eaeb52e4ee63e83ac0c70a55c53f0b489cde8a52dffc86ac457cf6402a1bba
SHA512

a7d6a1a69d1c4d588d22d55aae7a0a6b819cde4dd7c7d72d806a49d026bd6140e6a0edf17b57c49f3be0d83368478c077bda51663de092a411ce033243b5ff81
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  14eaeb52e4ee63e83ac0c70a55c53f0b489cde8a52dffc86ac457cf6402a1bba
- Size
  
  306KB
- MD5
  
  60304b8e9348e2ddf5933e6ab8a3539d
- SHA1
  
  5a131b0e4e9f80c68262b4b4df7dcfb1e3cb1b8b
- SHA256
  
  14eaeb52e4ee63e83ac0c70a55c53f0b489cde8a52dffc86ac457cf6402a1bba
- SHA512
  
  a7d6a1a69d1c4d588d22d55aae7a0a6b819cde4dd7c7d72d806a49d026bd6140e6a0edf17b57c49f3be0d83368478c077bda51663de092a411ce033243b5ff81
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer