redline | 0ea8b89664e1ae2a4244f41b319464ee306e306964c404a411dfe2e5c0648daa | Triage

Sharing

General

Target

0ea8b89664e1ae2a4244f41b319464ee306e306964c404a411dfe2e5c0648daa.exe
Size

340KB
Sample

221111-t82lzahb35
MD5

4ee9f1742f85dbea0d71b324c9829a02
SHA1

6548bd789e27ddb3ec505a54be185347f94a12e7
SHA256

0ea8b89664e1ae2a4244f41b319464ee306e306964c404a411dfe2e5c0648daa
SHA512

fdb0eef47321652e2ffb762450f8c8ba1fab6e95e90ebcbaee1565e972bb8af4130d6902b9d3baccf97029c9f5208dc9c614a4a42d3ab7d79d8245009b6e0e02
SSDEEP

6144:yoZLL73/GT80FOtRY4l4wv/B8LcBrmVKxfb++/OB:y6nr/GiCwXa4BxxfbDO

Score

10^/10

redline neruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes

auth_value
be14ae67c6dd227f622680a27ea42452

Targets

- Target
  
  0ea8b89664e1ae2a4244f41b319464ee306e306964c404a411dfe2e5c0648daa.exe
- Size
  
  340KB
- MD5
  
  4ee9f1742f85dbea0d71b324c9829a02
- SHA1
  
  6548bd789e27ddb3ec505a54be185347f94a12e7
- SHA256
  
  0ea8b89664e1ae2a4244f41b319464ee306e306964c404a411dfe2e5c0648daa
- SHA512
  
  fdb0eef47321652e2ffb762450f8c8ba1fab6e95e90ebcbaee1565e972bb8af4130d6902b9d3baccf97029c9f5208dc9c614a4a42d3ab7d79d8245009b6e0e02
- SSDEEP
  
  6144:yoZLL73/GT80FOtRY4l4wv/B8LcBrmVKxfb++/OB:y6nr/GiCwXa4BxxfbDO
Score

10^/10

redline neruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzkidiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer