redline | 865a96b5e257cdef58583992b281352e49a3ca98e1eaacd57276b0e1ed5f9092 | Triage

Sharing

General

Target

file.exe
Size

373KB
Sample

221116-zgzwysch25
MD5

46e141419a21a428b8c038964f265e57
SHA1

7cec7420316360009d6df8a682fdabd3958b05c9
SHA256

865a96b5e257cdef58583992b281352e49a3ca98e1eaacd57276b0e1ed5f9092
SHA512

ab0e8b3146c329791086032232482c299f1e2d2893df5a5e3d73296c7014f5e04402f20e13d58b6213c0ed3c5a6a8eb21a30ca0fbd46dd6f2dcd0e4931c0d727
SSDEEP

6144:1euLBLHU4M8JfSApgTYnFEIVv24T71Z2HhljagMZQ9btASdu+WAVROzxGb:1nNDU4ME6HTYKI924+h5a9ZQxtAV+WAl

Score

10^/10

redline neruz discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes

auth_value
0169a8759f3c9be473f782b96a6ff704

Targets

- Target
  
  file.exe
- Size
  
  373KB
- MD5
  
  46e141419a21a428b8c038964f265e57
- SHA1
  
  7cec7420316360009d6df8a682fdabd3958b05c9
- SHA256
  
  865a96b5e257cdef58583992b281352e49a3ca98e1eaacd57276b0e1ed5f9092
- SHA512
  
  ab0e8b3146c329791086032232482c299f1e2d2893df5a5e3d73296c7014f5e04402f20e13d58b6213c0ed3c5a6a8eb21a30ca0fbd46dd6f2dcd0e4931c0d727
- SSDEEP
  
  6144:1euLBLHU4M8JfSApgTYnFEIVv24T71Z2HhljagMZQ9btASdu+WAVROzxGb:1nNDU4ME6HTYKI924+h5a9ZQxtAV+WAl
Score

10^/10

redline neruz discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineneruzdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer