redline | b205d934150c3148b352e89367e4ef899822454d9a54cc57602b54c26bda7278 | Triage

Sharing

General

Target

New_Soft.zipx
Size

5.6MB
Sample

230212-yg72wsfe5v
MD5

79fec01224eefec388fd00aee1c2c552
SHA1

8ba442eba1143f7b6a79c3c4abbe89191da580f1
SHA256

b205d934150c3148b352e89367e4ef899822454d9a54cc57602b54c26bda7278
SHA512

cc87bcfb5cb6bffe395ba065d8821cf311796a33d9298057a89d3e9c72e32ba06b9ed1609e202505ef5d4be076d8c421d9251b02e197dd25acea5cf0a01a3e34
SSDEEP

98304:VEAdQpVgvu+GL7wv+yWdoHCjA54uenS3ikJa+0LRKBwKXy5bNysiusahlybDj52r:y0iVquPw+y4oHCjA54RRm109chyxEGDH

Score

10^/10

redline newz0rm1on discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

newz0rm1on

C2

82.115.223.77:38358

Attributes

auth_value
8166a4b9c70505f13b3ba63710a27a5f

Targets

- Target
  
  New Soft/Installer.exe
- Size
  
  533.1MB
- MD5
  
  a2c5f3a8b6bf9b2755107296705606ea
- SHA1
  
  469e621c7fa66ae1c4ab5aeb62f2cecc51c62232
- SHA256
  
  9dbba8fe1bb28f186aa36af8ef5daebdd078c485cf9539927e5848a28faf6377
- SHA512
  
  f3700987ba04afeba1f9614bbbdc721cfbcd127108e4177c3373f8d8a2b9c3f99d875ddfb5c8c9fc60aac754ad58ef40c8a21c4847805290c7859286d51fc8fb
- SSDEEP
  
  6144:0CCF4KsWTQZdKUSwinRHHKCKizMIuIhbZiDDTM/:jK4TM/
Score

10^/10

redline newz0rm1on discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  New Soft/kеy.dll
- Size
  
  18.3MB
- MD5
  
  5b5be8106983231c30e6a92d581cbe1e
- SHA1
  
  3f076c812105347d345c75eb13afb710bcfc3190
- SHA256
  
  c447b44113b6794c08a23e8f3af57e19e6404998d3e0decb6294598d31b4de9e
- SHA512
  
  de40e3087a168b33e3fbacf44f4dcac2b6ed696a1dc7e58f7c5c332c86c776bd79e7d7220dd004fc604e5c33c8e4da8add6351fab514c6486b3999ae95c5e781
- SSDEEP
  
  49152:qJ+tj8J+tj8J+tj8J+tj8J+tj8J+tj8J+tjZ:T
Score

1^/10
behavioral3 behavioral4
- Target
  
  New Soft/msсomctll.ocx
- Size
  
  1.0MB
- MD5
  
  d268668751ee22997d7ef1417034cb04
- SHA1
  
  d8a87438ab0df47fe252b06162a986399cafffe1
- SHA256
  
  fac6736251d3c61ecbd63be0420d1c75d5cd0442181d479013330155ca37d358
- SHA512
  
  75f40cc8c92e3fcdd381669f6aa0bf1e76ee6fec0c5cbf53ea0bbfbff199ac7229fc1405f737420badd24f438b49b8d2eed2bb0f3fad0bf8a974f54bd6964a34
- SSDEEP
  
  24576:TcqSrNXsCxx927qRC33KjjnZRqPnFqRo7w3zgyZdt+:TCXjx/2G9cv77EnM
Score

1^/10
behavioral5 behavioral6
- Target
  
  New Soft/sсriрts/binkawin.asi
- Size
  
  55KB
- MD5
  
  d51b5b46735b25c2d8372608159ed1a9
- SHA1
  
  2c178740901103d66a59131e19548d84c44fa768
- SHA256
  
  dd68562b5e4686e1a07603057db7a12040821beadd81d142bfb6a57d2de45ddb
- SHA512
  
  7c9a856fea8f7d4bddfc2b67724b475f7561979fbcf088ef2ce839e7c10870920ab4ea6b7d29254ab9d585a917eff5481c73644290350265682c627ab8fa110b
- SSDEEP
  
  1536:Ed01XORcuxj9ijJ644BXOpmE88Y+xs9PuMLHXwbJoeQ3fr:S0tOJxj9GJ644l2m78pm5uMLHX
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenewz0rm1ondiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8