redline | b1074a62fad9635b15c250a444691632a773b9302539e07ae72a17ab8e79b30c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1074a62fad9635b15c250a444691632a773b9302539e07ae72a17ab8e79b30c
Size

470KB
Sample

230214-jl2ncabg62
MD5

6df0f4a03b8592df8e0ec5beca90b2b3
SHA1

00b71f7f80b5fdc37ea270c300ff311ca97fb7ad
SHA256

b1074a62fad9635b15c250a444691632a773b9302539e07ae72a17ab8e79b30c
SHA512

24c6e176b14335da1c6e5cd0a06e72463bd88e1e89f35313b5a6edb887ecf685ab7d5b1ee8e1a257b1e00223af4c96e512e1cf6a4999920f232a1de2b1afe1d0
SSDEEP

12288:+MrIy90LPoBTc6TikeaOqBjHyNbSyWjl+HwjUo4UF:Wy4PoBw6fTHyy+HUUo4U

Score

10^/10

redline fukia discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  b1074a62fad9635b15c250a444691632a773b9302539e07ae72a17ab8e79b30c
- Size
  
  470KB
- MD5
  
  6df0f4a03b8592df8e0ec5beca90b2b3
- SHA1
  
  00b71f7f80b5fdc37ea270c300ff311ca97fb7ad
- SHA256
  
  b1074a62fad9635b15c250a444691632a773b9302539e07ae72a17ab8e79b30c
- SHA512
  
  24c6e176b14335da1c6e5cd0a06e72463bd88e1e89f35313b5a6edb887ecf685ab7d5b1ee8e1a257b1e00223af4c96e512e1cf6a4999920f232a1de2b1afe1d0
- SSDEEP
  
  12288:+MrIy90LPoBTc6TikeaOqBjHyNbSyWjl+HwjUo4UF:Wy4PoBw6fTHyy+HUUo4U
Score

10^/10

redline fukia discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan