redline | 9b22afc7931938bf960bce1fe68675f43c0cd044a60aeca4d1e5ef8358bd667a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b22afc7931938bf960bce1fe68675f43c0cd044a60aeca4d1e5ef8358bd667a
Size

115KB
Sample

240727-mj3dmsvbnk
MD5

41bfd5322060be42d5cb4e6e10b083b1
SHA1

72cef546a11dda42b864fa8e56cc92f720a7db0b
SHA256

9b22afc7931938bf960bce1fe68675f43c0cd044a60aeca4d1e5ef8358bd667a
SHA512

656d4fca9d8b664c6052294b9da994ea6e6cfec6b440d99f0ccb388a5aebdd244e9af93b535d9849ca2a5e7ff7341703861278764a6589dd2235d248368c9ad5
SSDEEP

3072:SbGWN1y1JggwXVBaQC5cDyxaBFhOxPRA/CJvjW0fL:oi2gIbCWDrFGZA/0jW0fL

Score

10^/10

redline 25072023 credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

25072023

C2

185.215.113.67:40960

Targets

- Target
  
  27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b.exe
- Size
  
  304KB
- MD5
  
  a9a37926c6d3ab63e00b12760fae1e73
- SHA1
  
  944d6044e111bbad742d06852c3ed2945dc9e051
- SHA256
  
  27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b
- SHA512
  
  575485d1c53b1bf145c7385940423b16089cf9ab75404e2e9c7af42b594480470f0e28dadcddbd66e4cd469e45326a6eb4eb2362ccc37edb2a956d224e04cf97
- SSDEEP
  
  3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL
Score

10^/10

redline 25072023 credential_access discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

25072023redline

behavioral1

redline25072023credential_accessdiscoveryinfostealerspywarestealer

behavioral2

redline25072023credential_accessdiscoveryinfostealerspywarestealer