1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

Tags

Signatures

• RedLine

  Description

  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  Tags

  infostealerredline

• RedLine Payload

• suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

  Description

  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

  Tags

  suricata

• suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

  Description

  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

  Tags

  suricata

• Downloads MZ/PE file

• Executes dropped EXE

• Reads user/profile data of web browsers

  Description

  Infostealers often target stored browser data, which can include saved credentials etc.

  Tags

  spywarestealer

  TTPs

  Data from Local System Credentials in Files

• Accesses cryptocurrency files/wallets, possible credential harvesting

  Tags

  spyware

  TTPs

  Data from Local System Credentials in Files

• Checks installed software on the system

  Description

  Looks up Uninstall key entries in the registry to enumerate software on the system.

  Tags

  discovery

  TTPs

  Query Registry

• Legitimate hosting services abused for malware hosting/C2

  TTPs

  Web Service

Related Tasks