redline | ca2d4679f79af15419f615d23db7f55e89e7fd348c0cd082726e8742b1b4906a | Triage

Sharing

General

Target

ca2d4679f79af15419f615d23db7f55e89e7fd348c0cd082726e8742b1b4906a.exe
Size

428KB
Sample

221116-srsr3afg7z
MD5

c63e4269092b0850b7fca86e1e13d4b5
SHA1

8c70bec3dbf3c2194f50d740ecba1c840852967e
SHA256

ca2d4679f79af15419f615d23db7f55e89e7fd348c0cd082726e8742b1b4906a
SHA512

20dd67006bacf1a5dc3f8b7fe71618ddadb3583fc29e2d82f4bb40362fee83a17ba525f675f3838c89962582c4451f21ee9f0b4c5ba5db3b9ef604a5a0457454
SSDEEP

6144:jHxKLBQOKKhiqyZuCsyN3r7qkwhKXuh07e6tWg1YYVnhqyC/LjzEndTQ:jHoFQOKuPusyN3UKXB7e6tWchQvUdT

Score

10^/10

redline neruz discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes

auth_value
0169a8759f3c9be473f782b96a6ff704

Targets

- Target
  
  ca2d4679f79af15419f615d23db7f55e89e7fd348c0cd082726e8742b1b4906a.exe
- Size
  
  428KB
- MD5
  
  c63e4269092b0850b7fca86e1e13d4b5
- SHA1
  
  8c70bec3dbf3c2194f50d740ecba1c840852967e
- SHA256
  
  ca2d4679f79af15419f615d23db7f55e89e7fd348c0cd082726e8742b1b4906a
- SHA512
  
  20dd67006bacf1a5dc3f8b7fe71618ddadb3583fc29e2d82f4bb40362fee83a17ba525f675f3838c89962582c4451f21ee9f0b4c5ba5db3b9ef604a5a0457454
- SSDEEP
  
  6144:jHxKLBQOKKhiqyZuCsyN3r7qkwhKXuh07e6tWg1YYVnhqyC/LjzEndTQ:jHoFQOKuPusyN3UKXB7e6tWchQvUdT
Score

10^/10

redline neruz discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer