redline | 1526e13f15f7a633f1c73e06793b4ec9aa17530f14f38e2a5843784066a1dd4c | Triage

Sharing

General

Target

1526e13f15f7a633f1c73e06793b4ec9aa17530f14f38e2a5843784066a1dd4c.exe
Size

297KB
Sample

240721-h8w6psxhqk
MD5

eabbb27aa0d2776fc832a6cca0cef3e3
SHA1

39569c6ba28e44e50655e3609c4304c0d75e3cd3
SHA256

1526e13f15f7a633f1c73e06793b4ec9aa17530f14f38e2a5843784066a1dd4c
SHA512

fea7af743e4cbf3ec3b2635e9ea129df1c2d5736bf5d57d3f042f6d071380c39e809381bf4aff021ecfa18d42c290ba9bd1ff6c1a6d0157983bf10f45d6c98e4
SSDEEP

3072:XqFFrqwIOGNDy5RGAOF7NN8bbAYRKj2Gt1hdjNTZGZHICcZqf7D34leqiOLCbBOk:aBIOGAOV8udJTZU/cZqf7DIvL

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

38.180.204.127:17052

Targets

- Target
  
  1526e13f15f7a633f1c73e06793b4ec9aa17530f14f38e2a5843784066a1dd4c.exe
- Size
  
  297KB
- MD5
  
  eabbb27aa0d2776fc832a6cca0cef3e3
- SHA1
  
  39569c6ba28e44e50655e3609c4304c0d75e3cd3
- SHA256
  
  1526e13f15f7a633f1c73e06793b4ec9aa17530f14f38e2a5843784066a1dd4c
- SHA512
  
  fea7af743e4cbf3ec3b2635e9ea129df1c2d5736bf5d57d3f042f6d071380c39e809381bf4aff021ecfa18d42c290ba9bd1ff6c1a6d0157983bf10f45d6c98e4
- SSDEEP
  
  3072:XqFFrqwIOGNDy5RGAOF7NN8bbAYRKj2Gt1hdjNTZGZHICcZqf7D34leqiOLCbBOk:aBIOGAOV8udJTZU/cZqf7DIvL
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer