redline | 815a468a5c1583dc0acfb30ab3be2401c3d8cf0bbbc5bb1dd5f7a30a321acc1d | Triage

Sharing

General

Target

tmp
Size

175KB
Sample

230118-lek35aea58
MD5

217a9bc8298a3349d4f0848a6dbe4624
SHA1

3780b3fb1ad7cff8b6d2be61e73768b106364e61
SHA256

815a468a5c1583dc0acfb30ab3be2401c3d8cf0bbbc5bb1dd5f7a30a321acc1d
SHA512

32c66ada7eac2df93b7ed41699bc97ef2ab7faae5219d205f36aedf202c666f1bc88db8594f30a593da6ec6d187966f48e7e3689dcedda78aa1931caa6896296
SSDEEP

3072:axqZWBJaHEDgXFevxljHeigFPhETxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOh:IqZVFevnYPh

Score

10^/10

redline vertu discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

vertu

C2

62.204.41.159:4062

Attributes

auth_value
fcf83997f362e2cd45c3f3c30912dd41

Targets

- Target
  
  tmp
- Size
  
  175KB
- MD5
  
  217a9bc8298a3349d4f0848a6dbe4624
- SHA1
  
  3780b3fb1ad7cff8b6d2be61e73768b106364e61
- SHA256
  
  815a468a5c1583dc0acfb30ab3be2401c3d8cf0bbbc5bb1dd5f7a30a321acc1d
- SHA512
  
  32c66ada7eac2df93b7ed41699bc97ef2ab7faae5219d205f36aedf202c666f1bc88db8594f30a593da6ec6d187966f48e7e3689dcedda78aa1931caa6896296
- SSDEEP
  
  3072:axqZWBJaHEDgXFevxljHeigFPhETxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOh:IqZVFevnYPh
Score

10^/10

redline vertu discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinevertudiscoveryinfostealerspywarestealer

behavioral2

redlinevertudiscoveryinfostealerspywarestealer