redline | 799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb | Triage

Sharing

General

Target

799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb
Size

1006KB
Sample

241003-2g3zqatfna
MD5

c005d4ffa3e28c22b41a9d222598260a
SHA1

57cc3a6540bc38c649ddfdd54fa4f3c8a2423677
SHA256

799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb
SHA512

ce39903c46160deeee1c7b362000361a3f5a9243b2e180bbaafa5b8ab09cc09ca413ce32f4deb2074fa928110d25b3dae7465c849fc388a58ddf649a9caa3a68
SSDEEP

24576:WdZE+NmjQ5WymWeoSAj6YztpJF+6Xkb1rlNF:YZbAjQ5WZW2KNFNXmF

Score

10^/10

redline @oleh_psp discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@OLEH_PSP

C2

65.21.18.51:45580

Targets

- Target
  
  799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb
- Size
  
  1006KB
- MD5
  
  c005d4ffa3e28c22b41a9d222598260a
- SHA1
  
  57cc3a6540bc38c649ddfdd54fa4f3c8a2423677
- SHA256
  
  799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb
- SHA512
  
  ce39903c46160deeee1c7b362000361a3f5a9243b2e180bbaafa5b8ab09cc09ca413ce32f4deb2074fa928110d25b3dae7465c849fc388a58ddf649a9caa3a68
- SSDEEP
  
  24576:WdZE+NmjQ5WymWeoSAj6YztpJF+6Xkb1rlNF:YZbAjQ5WZW2KNFNXmF
Score

10^/10

redline @oleh_psp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@oleh_pspdiscoveryinfostealerspywarestealer

behavioral2

redline@oleh_pspdiscoveryinfostealerspywarestealer