redline | 7e38904a599157dc2adebdf528570eaed37a78aa79f8a55cfd6c5cb17b30cfdb | Triage

Sharing

General

Target

7e38904a599157dc2adebdf528570eaed37a78aa79f8a55cfd6c5cb17b30cfdb.exe
Size

109KB
Sample

240526-bgl34ahh25
MD5

c6303abf9dd84d2e18526223bad203d7
SHA1

0949234bf42a11fe934a351512915c1f9fa09f03
SHA256

7e38904a599157dc2adebdf528570eaed37a78aa79f8a55cfd6c5cb17b30cfdb
SHA512

868be7c519ff281164d9bb29ebf97f484ab2328ec9c0be29a7fedd5153d7d892aa9041ad685b9fc0582bc1628c80666fa7ef74288070b11404dbb735751832a3
SSDEEP

1536:QNArbbr5J/AmS4lZyNlxCuCR+z94N4c3oJQpZ6FSnH8Nby+xXm8lMI8HI67:Osjj+z94N8oaYmyoWvzo67

Score

10^/10

redline 6552642468_99 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

6552642468_99

C2

https://pastebin.com/raw/8baCJyMF

Targets

- Target
  
  7e38904a599157dc2adebdf528570eaed37a78aa79f8a55cfd6c5cb17b30cfdb.exe
- Size
  
  109KB
- MD5
  
  c6303abf9dd84d2e18526223bad203d7
- SHA1
  
  0949234bf42a11fe934a351512915c1f9fa09f03
- SHA256
  
  7e38904a599157dc2adebdf528570eaed37a78aa79f8a55cfd6c5cb17b30cfdb
- SHA512
  
  868be7c519ff281164d9bb29ebf97f484ab2328ec9c0be29a7fedd5153d7d892aa9041ad685b9fc0582bc1628c80666fa7ef74288070b11404dbb735751832a3
- SSDEEP
  
  1536:QNArbbr5J/AmS4lZyNlxCuCR+z94N4c3oJQpZ6FSnH8Nby+xXm8lMI8HI67:Osjj+z94N8oaYmyoWvzo67
Score

10^/10

redline 6552642468_99 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

6552642468_99redline

behavioral1

redline6552642468_99discoveryinfostealerspywarestealer

behavioral2

redline6552642468_99discoveryinfostealerspywarestealer