redline | 67d95733eb6f0e24ceb38a6220ffc31fc1de39b2d7e6cd30acc38f221c2529f1 | Triage

Sharing

General

Target

67d95733eb6f0e24ceb38a6220ffc31fc1de39b2d7e6cd30acc38f221c2529f1.exe
Size

504KB
Sample

221113-wx4y3acc34
MD5

70dae664c9ee8b1efe8e314fe8f64927
SHA1

039b363ff2169fe0b773ec8ab5ae105356bb17df
SHA256

67d95733eb6f0e24ceb38a6220ffc31fc1de39b2d7e6cd30acc38f221c2529f1
SHA512

6c0db40b44adacc092314b5805aa79c893e63e1be07d93450f9bca4319bf5c7ce1bf0328d038020e9b420a2deffc2c4497041eec7200f8b35cd5c43fd7cc80d4
SSDEEP

6144:uKvYgjXGB0LNvpQEohy3OboCZHC78FMZL6AodIjB/7GJeaOXkMuIOEVXwOu1ql:ucl/ZvpoyYzc7TZG3EB/mVOXkMuAUql

Score

10^/10

redline neruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes

auth_value
be14ae67c6dd227f622680a27ea42452

Targets

- Target
  
  67d95733eb6f0e24ceb38a6220ffc31fc1de39b2d7e6cd30acc38f221c2529f1.exe
- Size
  
  504KB
- MD5
  
  70dae664c9ee8b1efe8e314fe8f64927
- SHA1
  
  039b363ff2169fe0b773ec8ab5ae105356bb17df
- SHA256
  
  67d95733eb6f0e24ceb38a6220ffc31fc1de39b2d7e6cd30acc38f221c2529f1
- SHA512
  
  6c0db40b44adacc092314b5805aa79c893e63e1be07d93450f9bca4319bf5c7ce1bf0328d038020e9b420a2deffc2c4497041eec7200f8b35cd5c43fd7cc80d4
- SSDEEP
  
  6144:uKvYgjXGB0LNvpQEohy3OboCZHC78FMZL6AodIjB/7GJeaOXkMuIOEVXwOu1ql:ucl/ZvpoyYzc7TZG3EB/mVOXkMuAUql
Score

10^/10

redline neruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzkidiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer