redline | 9f50f7ccd3dffa9fe88330a55d7b94ac6c03c3320498e5b5337e0d08924791df | Triage

Sharing

General

Target

9f50f7ccd3dffa9fe88330a55d7b94ac6c03c3320498e5b5337e0d08924791df
Size

468KB
Sample

230213-ddtpwaad52
MD5

704f885c894b26366e97b2dc8581563a
SHA1

acaabb900382d88f7573880459dd01169aa6a95b
SHA256

9f50f7ccd3dffa9fe88330a55d7b94ac6c03c3320498e5b5337e0d08924791df
SHA512

7fb0be6c40a97e0d030ecb253851634389e1d352dea571aa86ce0ce4ae725ea01eba3ec908acabb669f3de198d3ea4090970ad0a5eb110404e2d009d40ab76a9
SSDEEP

12288:EMr5y90whv6XWTudLXz3cvd/NGyB23mCR:dy19632d7U3h

Score

10^/10

redline crnn fusa discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Extracted

Family

redline

Botnet

crnn

C2

176.113.115.17:4132

Attributes

auth_value
6dfbf5eac3db7046d55dfd3f6608be3f

Targets

- Target
  
  9f50f7ccd3dffa9fe88330a55d7b94ac6c03c3320498e5b5337e0d08924791df
- Size
  
  468KB
- MD5
  
  704f885c894b26366e97b2dc8581563a
- SHA1
  
  acaabb900382d88f7573880459dd01169aa6a95b
- SHA256
  
  9f50f7ccd3dffa9fe88330a55d7b94ac6c03c3320498e5b5337e0d08924791df
- SHA512
  
  7fb0be6c40a97e0d030ecb253851634389e1d352dea571aa86ce0ce4ae725ea01eba3ec908acabb669f3de198d3ea4090970ad0a5eb110404e2d009d40ab76a9
- SSDEEP
  
  12288:EMr5y90whv6XWTudLXz3cvd/NGyB23mCR:dy19632d7U3h
Score

10^/10

redline crnn fusa discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecrnnfusadiscoveryevasioninfostealerpersistencespywarestealertrojan