redline | c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782 | Triage

Sharing

General

Target

c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782.exe
Size

1.1MB
Sample

240924-b6jz2awbre
MD5

6c9e7815208530b2574368f8a70e5790
SHA1

61d5d998abbbfe9c6efd9d38b8c99a3b48f8a7de
SHA256

c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782
SHA512

013b6ce1104d05cdd4587197c4e177ef13409db9c81084551450674833d3876a050035a4545a647a257538a2cb44aafaada534c9bfe8e2b5bcf6a9f2dcff134d
SSDEEP

12288:o6MAg23QY02Vmv+TmTT8GlTiWqRZ6KTNnGP+l9+dMR4WrEXpPRTt+WHI9D1shsoY:oKsnZZvqmUNssUdHH5TI/DE/ScisNE

Score

10^/10

redline @logscloudyt_bot discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@LOGSCLOUDYT_BOT

C2

65.21.18.51:45580

Targets

- Target
  
  c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782.exe
- Size
  
  1.1MB
- MD5
  
  6c9e7815208530b2574368f8a70e5790
- SHA1
  
  61d5d998abbbfe9c6efd9d38b8c99a3b48f8a7de
- SHA256
  
  c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782
- SHA512
  
  013b6ce1104d05cdd4587197c4e177ef13409db9c81084551450674833d3876a050035a4545a647a257538a2cb44aafaada534c9bfe8e2b5bcf6a9f2dcff134d
- SSDEEP
  
  12288:o6MAg23QY02Vmv+TmTT8GlTiWqRZ6KTNnGP+l9+dMR4WrEXpPRTt+WHI9D1shsoY:oKsnZZvqmUNssUdHH5TI/DE/ScisNE
Score

10^/10

redline @logscloudyt_bot discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@logscloudyt_botdiscoveryinfostealerspywarestealer

behavioral2