redline

General

Target

fa3a6951f4b02f9028aad489b82b9f421451c5667c26a84f1987b964edcd06e2
Size

5.8MB
Sample

221029-28y5vabcb9
MD5

0a3f6b0ed66ebb45b56dfbac3f41c597
SHA1

81d9add5e2a02969cf9510a75d65dba51b550a17
SHA256

fa3a6951f4b02f9028aad489b82b9f421451c5667c26a84f1987b964edcd06e2
SHA512

019f959fd75e614f6572ef857e3d68c0152271f5fa67aab66803f24540c61b11f78bff1b99e76e4ad138f9da316c5f190f7e3c73be10a1832be73752ef9c720d
SSDEEP

49152:0PFJCvLqOaSTK5ISawpVpVliC8Tkxh0eseUpfJTNEM2wjV62DC9R:0PFsjqOaSFUXklNzDC9R

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

CHUBAKA

C2

77.73.133.87:25907

Attributes

auth_value
1317d86704d0c967986f3aa7c5c95a1a

Targets

- Target
  
  fa3a6951f4b02f9028aad489b82b9f421451c5667c26a84f1987b964edcd06e2
- Size
  
  5.8MB
- MD5
  
  0a3f6b0ed66ebb45b56dfbac3f41c597
- SHA1
  
  81d9add5e2a02969cf9510a75d65dba51b550a17
- SHA256
  
  fa3a6951f4b02f9028aad489b82b9f421451c5667c26a84f1987b964edcd06e2
- SHA512
  
  019f959fd75e614f6572ef857e3d68c0152271f5fa67aab66803f24540c61b11f78bff1b99e76e4ad138f9da316c5f190f7e3c73be10a1832be73752ef9c720d
- SSDEEP
  
  49152:0PFJCvLqOaSTK5ISawpVpVliC8Tkxh0eseUpfJTNEM2wjV62DC9R:0PFsjqOaSFUXklNzDC9R
Score

10^/10

redline chubaka discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2