redline | e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3cb33bac121d804c1d61 | Triage

Sharing

General

Target

e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3.exe
Size

300KB
Sample

241227-wrg74sxnfy
MD5

95b7a7cbc0aff0215004c5a56ea5952c
SHA1

a1fb08b02975ec4869bcaf387d09d0abcced27e9
SHA256

e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3cb33bac121d804c1d61
SHA512

97ac66de88cac709e37d59c8a388c18d69aa3422d275be3e28b92e87167bcd87a310125e7dca593fe1b66d2f826cb2e22b64d51eac07dc94981dcd123e906961
SSDEEP

3072:5cZqf7D342p/0+mAAkygmgQEgHaB1fA0PuTVAtkxz53RAeqiOL2bBOA:5cZqf7DIOnwT2B1fA0GTV8krAL

Score

10^/10

redline 1488traffer discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1488Traffer

C2

147.45.44.224:1912

Targets

- Target
  
  e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3.exe
- Size
  
  300KB
- MD5
  
  95b7a7cbc0aff0215004c5a56ea5952c
- SHA1
  
  a1fb08b02975ec4869bcaf387d09d0abcced27e9
- SHA256
  
  e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3cb33bac121d804c1d61
- SHA512
  
  97ac66de88cac709e37d59c8a388c18d69aa3422d275be3e28b92e87167bcd87a310125e7dca593fe1b66d2f826cb2e22b64d51eac07dc94981dcd123e906961
- SSDEEP
  
  3072:5cZqf7D342p/0+mAAkygmgQEgHaB1fA0PuTVAtkxz53RAeqiOL2bBOA:5cZqf7DIOnwT2B1fA0GTV8krAL
Score

10^/10

redline 1488traffer discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

1488trafferredline

behavioral1

redline1488trafferdiscoveryinfostealerspywarestealer

behavioral2

redline1488trafferdiscoveryinfostealerspywarestealer