redline | d9f03a142d11c22b9a4d6f672d4d2733d01b9ef3a7d4760910f7c1f766daef0e | Triage

Sharing

General

Target

9547dd1fc88dc8cef6210d82b3ed0ad8.exe
Size

145KB
Sample

220916-jbtjzsehh7
MD5

9547dd1fc88dc8cef6210d82b3ed0ad8
SHA1

38eedb531c5ecab6fd3d3f585d7760ee4c5b2d81
SHA256

d9f03a142d11c22b9a4d6f672d4d2733d01b9ef3a7d4760910f7c1f766daef0e
SHA512

23751bad429149f3e0e0507a62ab043a1dd914ad9f5ff630024e452d9538feadbb257121b43fbc7adb7e937262155410028db4895c6ff9a21bafc681ca770ea4
SSDEEP

3072:Y7osI+wJBjzFpTfiP16pNydXSy26+dZCSfwXR4lAmwyktPIX:E9aBjzFpT6N6bydO9RUi

Score

10^/10

redline lyla3.12.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyla3.12.09

C2

185.215.113.216:21921

Attributes

auth_value
893298c4bebea403e4a59dd151c4fcc2

Targets

- Target
  
  9547dd1fc88dc8cef6210d82b3ed0ad8.exe
- Size
  
  145KB
- MD5
  
  9547dd1fc88dc8cef6210d82b3ed0ad8
- SHA1
  
  38eedb531c5ecab6fd3d3f585d7760ee4c5b2d81
- SHA256
  
  d9f03a142d11c22b9a4d6f672d4d2733d01b9ef3a7d4760910f7c1f766daef0e
- SHA512
  
  23751bad429149f3e0e0507a62ab043a1dd914ad9f5ff630024e452d9538feadbb257121b43fbc7adb7e937262155410028db4895c6ff9a21bafc681ca770ea4
- SSDEEP
  
  3072:Y7osI+wJBjzFpTfiP16pNydXSy26+dZCSfwXR4lAmwyktPIX:E9aBjzFpT6N6bydO9RUi
Score

10^/10

redline lyla3.12.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyla3.12.09discoveryinfostealerspywarestealer

behavioral2

redlinelyla3.12.09discoveryinfostealerspywarestealer