redline | cd2e85e7e4bd93de995663d0dd6737ecaf38948b886e64ce14815fb155e32e1b | Triage

Sharing

General

Target

12cacdee2734ea6367c4dbcbaf3ec0b5.exe
Size

169KB
Sample

220916-j5jxmsaggq
MD5

12cacdee2734ea6367c4dbcbaf3ec0b5
SHA1

30d631de6f5e0368a5105055ddf8ace224a0cbed
SHA256

cd2e85e7e4bd93de995663d0dd6737ecaf38948b886e64ce14815fb155e32e1b
SHA512

e7d3adf16640b3e70e4c48aa9080b5c8c83ca7c03673ca72a306cdc027b15b0de9d5e1c551c46a8d9dbf3d44c11f6384ed9c922355005b06b4a912a6b1f93551
SSDEEP

3072:NFP9GhxwVtZCrTT1BjzHcq7YUQIrcmINRYNCPEe:X9OwrMxBjzH+eoR9j

Score

10^/10

redline lyla3.12.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyla3.12.09

C2

185.215.113.216:21921

Attributes

auth_value
893298c4bebea403e4a59dd151c4fcc2

Targets

- Target
  
  12cacdee2734ea6367c4dbcbaf3ec0b5.exe
- Size
  
  169KB
- MD5
  
  12cacdee2734ea6367c4dbcbaf3ec0b5
- SHA1
  
  30d631de6f5e0368a5105055ddf8ace224a0cbed
- SHA256
  
  cd2e85e7e4bd93de995663d0dd6737ecaf38948b886e64ce14815fb155e32e1b
- SHA512
  
  e7d3adf16640b3e70e4c48aa9080b5c8c83ca7c03673ca72a306cdc027b15b0de9d5e1c551c46a8d9dbf3d44c11f6384ed9c922355005b06b4a912a6b1f93551
- SSDEEP
  
  3072:NFP9GhxwVtZCrTT1BjzHcq7YUQIrcmINRYNCPEe:X9OwrMxBjzH+eoR9j
Score

10^/10

redline lyla3.12.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyla3.12.09discoveryinfostealerspywarestealer

behavioral2

redlinelyla3.12.09discoveryinfostealerspywarestealer