redline | 1ba281bb17b3859c4b3905e405ae40b5349ed20ffa1ae7d9c8504db40f6cbdc4 | Triage

Sharing

General

Target

1ba281bb17b3859c4b3905e405ae40b5349ed20ffa1ae7d9c8504db40f6cbdc4
Size

143KB
Sample

220909-h1wvzagff8
MD5

34e64e81d441e798ba74bc4dd267c279
SHA1

02470dae54aa93ddc8c3f75bab5d9a576c466707
SHA256

1ba281bb17b3859c4b3905e405ae40b5349ed20ffa1ae7d9c8504db40f6cbdc4
SHA512

f8f92e4a734c221b228292f8d214a967445d52d176210e4b35dbfca1cff08861db55276c9ee7b9595b9d1b94907057ac8dc8938da6fbdb6f2fc5f64c0d15f20c
SSDEEP

3072:WG3JxBjzZg8SgeiD1VVeqwx2A/qO1OuQQAoD0wjF4LUAJke:B3DBjzZPSgeiD1VVeqwxz/qO1OcLdF4Z

Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyllkal.05.09

C2

185.215.113.216:21921

Attributes

auth_value
2df530f82cb4bd0f6bef5527a1d5de70

Targets

- Target
  
  1ba281bb17b3859c4b3905e405ae40b5349ed20ffa1ae7d9c8504db40f6cbdc4
- Size
  
  143KB
- MD5
  
  34e64e81d441e798ba74bc4dd267c279
- SHA1
  
  02470dae54aa93ddc8c3f75bab5d9a576c466707
- SHA256
  
  1ba281bb17b3859c4b3905e405ae40b5349ed20ffa1ae7d9c8504db40f6cbdc4
- SHA512
  
  f8f92e4a734c221b228292f8d214a967445d52d176210e4b35dbfca1cff08861db55276c9ee7b9595b9d1b94907057ac8dc8938da6fbdb6f2fc5f64c0d15f20c
- SSDEEP
  
  3072:WG3JxBjzZg8SgeiD1VVeqwx2A/qO1OuQQAoD0wjF4LUAJke:B3DBjzZPSgeiD1VVeqwxz/qO1OcLdF4Z
Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyllkal.05.09discoveryinfostealerspywarestealer