redline | e851c770d0fa47b42bd3ac39216cccfb39cb62c042a484043ea5af7499aa6f78 | Triage

Sharing

General

Target

e851c770d0fa47b42bd3ac39216cccfb39cb62c042a484043ea5af7499aa6f78
Size

719KB
Sample

230212-psth7sdd6s
MD5

44c22934ba55701e5c304fef72fa1ab6
SHA1

084e280c676ef3373bbd2af43dee8e962a9a512d
SHA256

e851c770d0fa47b42bd3ac39216cccfb39cb62c042a484043ea5af7499aa6f78
SHA512

51943f406e51699b542eec742c31b135a811b4d8d73dbc58682f2b33e23ed308bd71f24020c6f880c5f3531c9e9fb5750e0a3c473e828cfff6191c431785f2f6
SSDEEP

12288:GMr7y90t0aUs7dGd0W1U/RvVeX1jRYl8kbfIP9X1ZcbIdIQCrgl1ycbA:Fyo0zCO0W1UJ9sKl8kbfIFjcbIdIQC8w

Score

10^/10

redline fusa discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Targets

- Target
  
  e851c770d0fa47b42bd3ac39216cccfb39cb62c042a484043ea5af7499aa6f78
- Size
  
  719KB
- MD5
  
  44c22934ba55701e5c304fef72fa1ab6
- SHA1
  
  084e280c676ef3373bbd2af43dee8e962a9a512d
- SHA256
  
  e851c770d0fa47b42bd3ac39216cccfb39cb62c042a484043ea5af7499aa6f78
- SHA512
  
  51943f406e51699b542eec742c31b135a811b4d8d73dbc58682f2b33e23ed308bd71f24020c6f880c5f3531c9e9fb5750e0a3c473e828cfff6191c431785f2f6
- SSDEEP
  
  12288:GMr7y90t0aUs7dGd0W1U/RvVeX1jRYl8kbfIP9X1ZcbIdIQCrgl1ycbA:Fyo0zCO0W1UJ9sKl8kbfIFjcbIdIQC8w
Score

10^/10

redline fusa discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefusadiscoveryinfostealerpersistencespywarestealer