redline | 435004fae2c706ab642c000d31ba4d4c126e2764c7ebc9b9acf4c8f75909f2a2 | Triage

Sharing

General

Target

435004fae2c706ab642c000d31ba4d4c126e2764c7ebc9b9acf4c8f75909f2a2
Size

346KB
Sample

221115-13488sca6z
MD5

e07ce214080ae0ae987866c3169b1084
SHA1

19365c60a7e2f2c521229fe12d57da52cae402cb
SHA256

435004fae2c706ab642c000d31ba4d4c126e2764c7ebc9b9acf4c8f75909f2a2
SHA512

a92e4a6a77834f841e1b6d6c51bac14c2c28b1a494d28c216bc73be78d8c7bdf5030027ddf6767014b0853a9a39f466a3b0424cfdb347a0454d13ea5733fcbe5
SSDEEP

6144:ygA0RPfqWdDPESdEKgO7UMjzW7k20SNnOyICkX0stsce:yghNdzxTQ9Nn2X0

Score

10^/10

redline neruz discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes

auth_value
0169a8759f3c9be473f782b96a6ff704

Targets

- Target
  
  435004fae2c706ab642c000d31ba4d4c126e2764c7ebc9b9acf4c8f75909f2a2
- Size
  
  346KB
- MD5
  
  e07ce214080ae0ae987866c3169b1084
- SHA1
  
  19365c60a7e2f2c521229fe12d57da52cae402cb
- SHA256
  
  435004fae2c706ab642c000d31ba4d4c126e2764c7ebc9b9acf4c8f75909f2a2
- SHA512
  
  a92e4a6a77834f841e1b6d6c51bac14c2c28b1a494d28c216bc73be78d8c7bdf5030027ddf6767014b0853a9a39f466a3b0424cfdb347a0454d13ea5733fcbe5
- SSDEEP
  
  6144:ygA0RPfqWdDPESdEKgO7UMjzW7k20SNnOyICkX0stsce:yghNdzxTQ9Nn2X0
Score

10^/10

redline neruz discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzdiscoveryinfostealerspywarestealer