redline | b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98 | Triage

Sharing

General

Target

b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
Size

309KB
Sample

220905-k8621shad4
MD5

eb373d93505490dfa9fe940dd56ca4c1
SHA1

b48d97df69d8c39a0d4e4608945eef60a8bf0998
SHA256

b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
SHA512

44e5648fa5fccbcfaedf8c4a6ffd9c257d983f6e203ba5e01ef2621bd281ea6a3762412d52cf5f1aece1f758ae5e5c20db21fea63eb8b55996be70abc0ec2242
SSDEEP

6144:RXc4XfGMbzc9X+d6WJmIen7GjGBg+vKojFtzjuNVZJpw+:tXN09Xy70fn75B1tjFtzsJ

Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyllkal.05.09

C2

185.215.113.216:21921

Attributes

auth_value
2df530f82cb4bd0f6bef5527a1d5de70

Targets

- Target
  
  b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
- Size
  
  309KB
- MD5
  
  eb373d93505490dfa9fe940dd56ca4c1
- SHA1
  
  b48d97df69d8c39a0d4e4608945eef60a8bf0998
- SHA256
  
  b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
- SHA512
  
  44e5648fa5fccbcfaedf8c4a6ffd9c257d983f6e203ba5e01ef2621bd281ea6a3762412d52cf5f1aece1f758ae5e5c20db21fea63eb8b55996be70abc0ec2242
- SSDEEP
  
  6144:RXc4XfGMbzc9X+d6WJmIen7GjGBg+vKojFtzjuNVZJpw+:tXN09Xy70fn75B1tjFtzsJ
Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyllkal.05.09discoveryinfostealerspywarestealer