redline | b1c40ded5b798303fc9ee12e12f58ed66288f87b952812aff63b9c0cf0e07811 | Triage

Sharing

General

Target

b1c40ded5b798303fc9ee12e12f58ed66288f87b952812aff63b9c0cf0e07811
Size

481KB
Sample

220926-nq59jsbggm
MD5

20585a9206f748dba754f099434f7628
SHA1

e55f5ed8987887693a393d6dd1600a5bd7a45461
SHA256

b1c40ded5b798303fc9ee12e12f58ed66288f87b952812aff63b9c0cf0e07811
SHA512

50dbbcac963a60d4e3a9acf1ddf55170771158ef1e54bb624ac25679d6168128cfab6fd492e64926e25fd98c64c507210a7ef8d3463097756e9924b87178721c
SSDEEP

6144:A3BjzXUpw+zudOSfujGKzxB889ltc5r6N2tHB:iYpSfY

Score

10^/10

redline lyla.22.09 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Lyla.22.09

C2

185.215.113.216:21921

Attributes

auth_value
2f19888cb6bad7fdc46df91dc06aacc5

Targets

- Target
  
  b1c40ded5b798303fc9ee12e12f58ed66288f87b952812aff63b9c0cf0e07811
- Size
  
  481KB
- MD5
  
  20585a9206f748dba754f099434f7628
- SHA1
  
  e55f5ed8987887693a393d6dd1600a5bd7a45461
- SHA256
  
  b1c40ded5b798303fc9ee12e12f58ed66288f87b952812aff63b9c0cf0e07811
- SHA512
  
  50dbbcac963a60d4e3a9acf1ddf55170771158ef1e54bb624ac25679d6168128cfab6fd492e64926e25fd98c64c507210a7ef8d3463097756e9924b87178721c
- SSDEEP
  
  6144:A3BjzXUpw+zudOSfujGKzxB889ltc5r6N2tHB:iYpSfY
Score

10^/10

redline lyla.22.09 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyla.22.09discoveryinfostealerspywarestealer