redline

General

Target

9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea
Size

492KB
Sample

240627-23vkgazblp
MD5

c32028c1d21ffb0f950fd89633908c06
SHA1

c3f8c7d7e684ecf88014deba0d2faec05c11830d
SHA256

9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea
SHA512

3fced92d5a29d6129c043d9f19efbc98dff246984217d904aa4c6fbecad40384325831a428f00c4db0037959003d6d9d15625dfa6c27edc0e80e949d0c2b228c
SSDEEP

12288:sBGtU4PI3MHnOqY3xa4RufYXx7so6swy7Ko8:sIvPq1v6swy7B

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@oleh_psp

C2

185.172.128.33:8970

Targets

- Target
  
  9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea
- Size
  
  492KB
- MD5
  
  c32028c1d21ffb0f950fd89633908c06
- SHA1
  
  c3f8c7d7e684ecf88014deba0d2faec05c11830d
- SHA256
  
  9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea
- SHA512
  
  3fced92d5a29d6129c043d9f19efbc98dff246984217d904aa4c6fbecad40384325831a428f00c4db0037959003d6d9d15625dfa6c27edc0e80e949d0c2b228c
- SSDEEP
  
  12288:sBGtU4PI3MHnOqY3xa4RufYXx7so6swy7Ko8:sIvPq1v6swy7B
Score

10^/10

redline @oleh_psp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Reads user/profile data of web browsers

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2