redline

General

Target

Crypto.rar
Size

216KB
Sample

221106-baklpaadg7
MD5

64721492da2d3e25d649dee590a16688
SHA1

e3d6b49b2d6dcfe16b6de0c9eca0aeb294b15037
SHA256

7c96038502d761cbeac106b812380d407940afe16a2677df7fad33d6ee142c18
SHA512

5c789cdd26ccb09cf4e516f4d5203946c380577db2a0412c924cf265e05f449d2795508835f2a1c3a1535443f802974f48f03ead2a4b8136bf0f2223f37fb617
SSDEEP

6144:LyDz+NgucGQGM5g5EE+GOcmt7qog+caUhsG6uHZ:eDz+CulMmScmt7qoJUt

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

ubivca

C2

185.106.92.228:24221

Attributes

auth_value
43ba5caf87c83f17aa82312a2b9ec2de

Targets

- Target
  
  Crypto2022.exe
- Size
  
  350KB
- MD5
  
  35a8a62ef9d13c5c9b4d394116773609
- SHA1
  
  78625028c550a8d9d1c7c7aef52ae98c9728f70b
- SHA256
  
  a0ac355c321bb962cd3d0825f3caabfd4e6c9fd847d15ca72ce4bffbcf617c23
- SHA512
  
  0682e346ddbf6dc27a65db3e1a33c392c4736ab2552d6fcab6d3ee43856dcbe4a75f79977ba7abda23b0a317452f7b72755b4c6e15ea5e242e2b8e01ae16f2ed
- SSDEEP
  
  6144:3c1o7hv9QAMuezq0BHH0DBYXmgwC1AOUw5HvxahMo0/63IG3clQem9K23TkRZYVl:3c1od9QAMuezq7FzyaSvcMofXMY9KOIu
Score

10^/10

redline ubivca infostealer spyware stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

1

T1102

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2