redline | 5d3ddea9135eedd444a8977713261b34cfaad6d761e987c771c839f516bb09aa | Triage

Sharing

General

Target

a580689cd00c223a0aebb6073af5b25e.exe
Size

133KB
Sample

220911-zrj89acbf8
MD5

a580689cd00c223a0aebb6073af5b25e
SHA1

f812e7b7227eee93d8aa945341348c76340803c6
SHA256

5d3ddea9135eedd444a8977713261b34cfaad6d761e987c771c839f516bb09aa
SHA512

a676053d09692167c113e8e8fa6737b39cee1dea9928bd172d0485f66eb6195d39e39b47cecb4966f3fb758d9d2d5ecd003e161f4aa3ac3ea0fb57f402bd89d3
SSDEEP

3072:hitR77ftnBjzi+KJI2Pbj7sTt8P7diSSadcGk1ZSvaGWp:hw79BjzQjPbj7gt8sYdTvaG

Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyllkal.05.09

C2

185.215.113.216:21921

Attributes

auth_value
2df530f82cb4bd0f6bef5527a1d5de70

Targets

- Target
  
  a580689cd00c223a0aebb6073af5b25e.exe
- Size
  
  133KB
- MD5
  
  a580689cd00c223a0aebb6073af5b25e
- SHA1
  
  f812e7b7227eee93d8aa945341348c76340803c6
- SHA256
  
  5d3ddea9135eedd444a8977713261b34cfaad6d761e987c771c839f516bb09aa
- SHA512
  
  a676053d09692167c113e8e8fa6737b39cee1dea9928bd172d0485f66eb6195d39e39b47cecb4966f3fb758d9d2d5ecd003e161f4aa3ac3ea0fb57f402bd89d3
- SSDEEP
  
  3072:hitR77ftnBjzi+KJI2Pbj7sTt8P7diSSadcGk1ZSvaGWp:hw79BjzQjPbj7gt8sYdTvaG
Score

10^/10

redline lyllkal.05.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyllkal.05.09discoveryinfostealerspywarestealer

behavioral2

redlinelyllkal.05.09discoveryinfostealerspywarestealer