redline | 27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b | Triage

Sharing

General

Target

27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b.exe
Size

304KB
Sample

240726-wyx7xazble
MD5

a9a37926c6d3ab63e00b12760fae1e73
SHA1

944d6044e111bbad742d06852c3ed2945dc9e051
SHA256

27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b
SHA512

575485d1c53b1bf145c7385940423b16089cf9ab75404e2e9c7af42b594480470f0e28dadcddbd66e4cd469e45326a6eb4eb2362ccc37edb2a956d224e04cf97
SSDEEP

3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL

Score

10^/10

redline 25072023 credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

25072023

C2

185.215.113.67:40960

Targets

- Target
  
  27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b.exe
- Size
  
  304KB
- MD5
  
  a9a37926c6d3ab63e00b12760fae1e73
- SHA1
  
  944d6044e111bbad742d06852c3ed2945dc9e051
- SHA256
  
  27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b
- SHA512
  
  575485d1c53b1bf145c7385940423b16089cf9ab75404e2e9c7af42b594480470f0e28dadcddbd66e4cd469e45326a6eb4eb2362ccc37edb2a956d224e04cf97
- SSDEEP
  
  3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL
Score

10^/10

redline 25072023 credential_access discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

25072023redline

behavioral1

redline25072023credential_accessdiscoveryinfostealerspywarestealer

behavioral2

redline25072023credential_accessdiscoveryinfostealerspywarestealer