redline | a63d8ec10d6806fbef80b9885cf0efccae068f5f8cd6f36c88dbf29645ad6549 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a63d8ec10d6806fbef80b9885cf0efccae068f5f8cd6f36c88dbf29645ad6549
Size

118KB
Sample

240507-es5w5acc45
MD5

58c16bdab85942969d3fac5adeee093f
SHA1

d2ca5535a1d93f6647b5cd0c1a27c64ded399bb3
SHA256

a63d8ec10d6806fbef80b9885cf0efccae068f5f8cd6f36c88dbf29645ad6549
SHA512

f9720dd34326d6d83b117d551e6c3db68271c9eb0fd859cfa91224a83882e0806f3d6de5304d8ec9f240b200dfcdc88b293cf8beac9822e4a411f6d54716718b
SSDEEP

3072:RJiH8tYJjv29FRkZVFYa6CAt12VmXDBrQc:Rk9FekZztOt14mX1rQ

Score

10^/10

redline 5637482599 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

5637482599

C2

https://pastebin.com/raw/NgsUAPya

Targets

- Target
  
  a63d8ec10d6806fbef80b9885cf0efccae068f5f8cd6f36c88dbf29645ad6549
- Size
  
  118KB
- MD5
  
  58c16bdab85942969d3fac5adeee093f
- SHA1
  
  d2ca5535a1d93f6647b5cd0c1a27c64ded399bb3
- SHA256
  
  a63d8ec10d6806fbef80b9885cf0efccae068f5f8cd6f36c88dbf29645ad6549
- SHA512
  
  f9720dd34326d6d83b117d551e6c3db68271c9eb0fd859cfa91224a83882e0806f3d6de5304d8ec9f240b200dfcdc88b293cf8beac9822e4a411f6d54716718b
- SSDEEP
  
  3072:RJiH8tYJjv29FRkZVFYa6CAt12VmXDBrQc:Rk9FekZztOt14mX1rQ
Score

10^/10

redline 5637482599 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline5637482599discoveryinfostealerspywarestealer

behavioral2

redline5637482599discoveryinfostealerspywarestealer