redline | 353980f41fa3eb2aa0170414eacddf31afd3f1a610d3c19a4df66c80406c4c1c | Triage

Sharing

General

Target

loader.exe
Size

1.4MB
Sample

240819-zfs21svbqd
MD5

ddd2d7084c7b2f571b66d6ea4c984922
SHA1

e2c31e7280a67bd0e1d5e0fc6d4e6404ab921fd9
SHA256

353980f41fa3eb2aa0170414eacddf31afd3f1a610d3c19a4df66c80406c4c1c
SHA512

61af43a71b2e7a33513f512ce514d02b59d739a2d1583fab25204083fb6ed478855bbd40d59c3dd6a6bdbb8e8f5e36b682ae2387443e43164a3b1fd5dcbedcab
SSDEEP

24576:trQIaZGHZuMZQx/OkmuRgsOK1pf/OGQdfzNAtI:trDSGHQMZQx/OkmuRgsOK1pf/OGQdfzH

Score

10^/10

redline @lisyuka credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@lisyuka

C2

185.215.113.22:80

Targets

- Target
  
  loader.exe
- Size
  
  1.4MB
- MD5
  
  ddd2d7084c7b2f571b66d6ea4c984922
- SHA1
  
  e2c31e7280a67bd0e1d5e0fc6d4e6404ab921fd9
- SHA256
  
  353980f41fa3eb2aa0170414eacddf31afd3f1a610d3c19a4df66c80406c4c1c
- SHA512
  
  61af43a71b2e7a33513f512ce514d02b59d739a2d1583fab25204083fb6ed478855bbd40d59c3dd6a6bdbb8e8f5e36b682ae2387443e43164a3b1fd5dcbedcab
- SSDEEP
  
  24576:trQIaZGHZuMZQx/OkmuRgsOK1pf/OGQdfzNAtI:trDSGHQMZQx/OkmuRgsOK1pf/OGQdfzH
Score

10^/10

discovery redline @lisyuka credential_access infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@lisyukacredential_accessdiscoveryinfostealerspywarestealer