redline | 3cf3a0c43f4630fa929fa70533223b46ad5eb4da8d350cf025e1e782921b825b | Triage

Sharing

General

Target

3cf3a0c43f4630fa929fa70533223b46ad5eb4da8d350cf025e1e782921b825b.exe
Size

345KB
Sample

221114-bbertsea68
MD5

8456906bd62fddcaeababe8413137391
SHA1

3d67059e62d04c1e0ac8cfd4f87d37e644b31783
SHA256

3cf3a0c43f4630fa929fa70533223b46ad5eb4da8d350cf025e1e782921b825b
SHA512

22eab7ed817c205bd96fefc77cf699e6c06bfd53ace5ebb52756eea27a79b2f5bbd6f54676c2599e7a1388f808e7f5a516343e3fc2d2f7f6634ff6fe971ac6af
SSDEEP

6144:8N9XfnVLO8uD0jk4GjZ9F+Pe9SYa2KvIhzmXK/:8N9XfnVq8uDd4GjHEPeRKSmX

Score

10^/10

redline neruzki discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes

auth_value
be14ae67c6dd227f622680a27ea42452

Targets

- Target
  
  3cf3a0c43f4630fa929fa70533223b46ad5eb4da8d350cf025e1e782921b825b.exe
- Size
  
  345KB
- MD5
  
  8456906bd62fddcaeababe8413137391
- SHA1
  
  3d67059e62d04c1e0ac8cfd4f87d37e644b31783
- SHA256
  
  3cf3a0c43f4630fa929fa70533223b46ad5eb4da8d350cf025e1e782921b825b
- SHA512
  
  22eab7ed817c205bd96fefc77cf699e6c06bfd53ace5ebb52756eea27a79b2f5bbd6f54676c2599e7a1388f808e7f5a516343e3fc2d2f7f6634ff6fe971ac6af
- SSDEEP
  
  6144:8N9XfnVLO8uD0jk4GjZ9F+Pe9SYa2KvIhzmXK/:8N9XfnVq8uDd4GjHEPeRKSmX
Score

10^/10

redline neruzki discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzkidiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer