redline | efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd | Triage

Sharing

General

Target

efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
Size

365KB
Sample

221116-mdvfvaeb2s
MD5

be7955b67d06612d9d33f2df855b5f86
SHA1

fcb55a5cf5534ba1a9b73015d799bc00e09d0b43
SHA256

efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
SHA512

170327c6d509c0a7c527f44b47b31a015b83567014c17cfabd14f60991a35dc3dc728b20955ae231263732b5750ffb92fd2d0a6e37e3ea2f68bf146cc5e6ad5b
SSDEEP

6144:/bgylmmLW0QizUVbGkCQMh7dwLzDafDJ4QbKnq4y0NJHk+eLy:jgQKizUNGka8Lv6t4QZ0NJEL

Score

10^/10

redline neruz discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes

auth_value
0169a8759f3c9be473f782b96a6ff704

Targets

- Target
  
  efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
- Size
  
  365KB
- MD5
  
  be7955b67d06612d9d33f2df855b5f86
- SHA1
  
  fcb55a5cf5534ba1a9b73015d799bc00e09d0b43
- SHA256
  
  efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
- SHA512
  
  170327c6d509c0a7c527f44b47b31a015b83567014c17cfabd14f60991a35dc3dc728b20955ae231263732b5750ffb92fd2d0a6e37e3ea2f68bf146cc5e6ad5b
- SSDEEP
  
  6144:/bgylmmLW0QizUVbGkCQMh7dwLzDafDJ4QbKnq4y0NJHk+eLy:jgQKizUNGka8Lv6t4QZ0NJEL
Score

10^/10

redline neruz discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzdiscoveryinfostealerspywarestealer