1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

Target

Size

664KB

Sample

211125-t9kpvafgfr

Score

10 ^/10

MD5

cfaa5e874a19d53d5ce7a891b19ac118

SHA1

ccba32b8db6ee40aa674aca6873d114f568dac88

SHA256

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

SHA512

e856a90977178d1fc19aa9d7e567559a92ff0aed60885bc9d382814d8c10189c55c28ed28423604e0dd2cf6eac8d3b4975b4bee190672ed4a5bc3172d0c6927c

Extracted

Family	redline
Botnet	25.11
C2	185.215.113.17:7700 185.215.113.17:7700

Target

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

MD5

cfaa5e874a19d53d5ce7a891b19ac118

Filesize

664KB

Score

10^/10

SHA1

ccba32b8db6ee40aa674aca6873d114f568dac88

SHA256

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

SHA512

e856a90977178d1fc19aa9d7e567559a92ff0aed60885bc9d382814d8c10189c55c28ed28423604e0dd2cf6eac8d3b4975b4bee190672ed4a5bc3172d0c6927c

Signatures

RedLine
Description

RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Tags

infostealer redline
RedLine Payload
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Description

suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Tags

suricata
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Description

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Tags

suricata
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry
Legitimate hosting services abused for malware hosting/C2
TTPs

Web Service

Related Tasks

behavioral1

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Web Service

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

redline 25.11 discovery infostealer spyware stealer suricata

10^/10

Extracted

Tags

Signatures

RedLine

Description

Tags

RedLine Payload

suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

Description

Tags

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Description

Tags

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Legitimate hosting services abused for malware hosting/C2

TTPs

Related Tasks

static1

behavioral1