redline | 11f77bb3da33d92e29003bce510ec724c1bd6f02497da3196894b2cc0d0a541c | Triage

Sharing

General

Target

11f77bb3da33d92e29003bce510ec724c1bd6f02497da3196894b2cc0d0a541c
Size

315KB
Sample

240508-n7j3msea26
MD5

972397b85d8168cdbc42bb8393249159
SHA1

917f29d24653c5820ca6b59a8f8d0eea23a54b13
SHA256

11f77bb3da33d92e29003bce510ec724c1bd6f02497da3196894b2cc0d0a541c
SHA512

c034a12a85cadf4c8d498c1785cc284cf9dfbe84d33f7b295a1ebd767bcf8cddf6d90759e88e63edc7ea0978d8c3da46683a55dd697ee03b21c026fde4981abb
SSDEEP

6144:6Y9pI60nbM8uPZy3+8KIDTou5cvukdMJNJ9uky7EYYV5Qon1NxXXHS:Z9+60nbnuwoY9kyNJIhEYYHQAHVHS

Score

10^/10

redline 5345987420 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  11f77bb3da33d92e29003bce510ec724c1bd6f02497da3196894b2cc0d0a541c
- Size
  
  315KB
- MD5
  
  972397b85d8168cdbc42bb8393249159
- SHA1
  
  917f29d24653c5820ca6b59a8f8d0eea23a54b13
- SHA256
  
  11f77bb3da33d92e29003bce510ec724c1bd6f02497da3196894b2cc0d0a541c
- SHA512
  
  c034a12a85cadf4c8d498c1785cc284cf9dfbe84d33f7b295a1ebd767bcf8cddf6d90759e88e63edc7ea0978d8c3da46683a55dd697ee03b21c026fde4981abb
- SSDEEP
  
  6144:6Y9pI60nbM8uPZy3+8KIDTou5cvukdMJNJ9uky7EYYV5Qon1NxXXHS:Z9+60nbnuwoY9kyNJIhEYYHQAHVHS
Score

10^/10

redline 5345987420 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline5345987420discoveryinfostealerspywarestealer

behavioral2

redline5345987420discoveryinfostealerspywarestealer