redline | 53028e41d47860f3e85545cf6f58f69096412c5b0d24cd625f3ecdfb420bcb1d | Triage

Sharing

General

Target

53028e41d47860f3e85545cf6f58f69096412c5b0d24cd625f3ecdfb420bcb1d
Size

345KB
Sample

221111-wzkcfahg27
MD5

75456f7e25d9efed9ce47092a39e8a28
SHA1

ac7c455a206f9ea47ef27dfd73cbcd0e32c635f7
SHA256

53028e41d47860f3e85545cf6f58f69096412c5b0d24cd625f3ecdfb420bcb1d
SHA512

f1c5584f2349aad9afbbd122a2a604f91b5cbcc7d52ae30f78867a270ed9a29e09e6d5212d43d03df563eaac0e6396aa2eee03ce18268c61942c05165fd371cb
SSDEEP

6144:fF9XhpBLC4UzCfVif3h0rp3n/vNY6jQTOArQdowlHH27Hg12:fF9RpB24U+tiPSdnG6jEmCiH

Score

10^/10

redline neruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes

auth_value
be14ae67c6dd227f622680a27ea42452

Targets

- Target
  
  53028e41d47860f3e85545cf6f58f69096412c5b0d24cd625f3ecdfb420bcb1d
- Size
  
  345KB
- MD5
  
  75456f7e25d9efed9ce47092a39e8a28
- SHA1
  
  ac7c455a206f9ea47ef27dfd73cbcd0e32c635f7
- SHA256
  
  53028e41d47860f3e85545cf6f58f69096412c5b0d24cd625f3ecdfb420bcb1d
- SHA512
  
  f1c5584f2349aad9afbbd122a2a604f91b5cbcc7d52ae30f78867a270ed9a29e09e6d5212d43d03df563eaac0e6396aa2eee03ce18268c61942c05165fd371cb
- SSDEEP
  
  6144:fF9XhpBLC4UzCfVif3h0rp3n/vNY6jQTOArQdowlHH27Hg12:fF9RpB24U+tiPSdnG6jEmCiH
Score

10^/10

redline neruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzkidiscoveryinfostealerspywarestealer