redline | 5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a | Triage

Sharing

General

Target

5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a.exe
Size

316KB
Sample

221110-y6pa3sfehl
MD5

c50393799580bd00a1450eed16f976da
SHA1

7006f69c5817b7b5f4c1576e4c78b653a3ce7c17
SHA256

5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a
SHA512

3105b9776a414125c2a74ddd96a6457017d22c89a29955ab3a09a1ad3eb5123b112702b6175b483f36f4c94309593ba324391352ee4a9e936f41991cebe53273
SSDEEP

6144:RYALf35aF9eTToNhsCxVdlK+Fx8Bgrb47SNzLdG1gbvMaee:RYAb35ar+oNhs0HlK+T0grcGNzLE05

Score

10^/10

redline neruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes

auth_value
be14ae67c6dd227f622680a27ea42452

Targets

- Target
  
  5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a.exe
- Size
  
  316KB
- MD5
  
  c50393799580bd00a1450eed16f976da
- SHA1
  
  7006f69c5817b7b5f4c1576e4c78b653a3ce7c17
- SHA256
  
  5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a
- SHA512
  
  3105b9776a414125c2a74ddd96a6457017d22c89a29955ab3a09a1ad3eb5123b112702b6175b483f36f4c94309593ba324391352ee4a9e936f41991cebe53273
- SSDEEP
  
  6144:RYALf35aF9eTToNhsCxVdlK+Fx8Bgrb47SNzLdG1gbvMaee:RYAb35ar+oNhs0HlK+T0grcGNzLE05
Score

10^/10

redline neruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzkidiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer