redline | a5f5a25c64b86226a72d0384537ee3f192888dc6bbaf578540e62b33b41a0db0 | Triage

Sharing

General

Target

a5f5a25c64b86226a72d0384537ee3f192888dc6bbaf578540e62b33b41a0db0
Size

557KB
Sample

230217-b63gdacg31
MD5

64b8a2b12fc23f36673e697d5322ff6a
SHA1

a7d176bcb384b3513a2a0bee8a08f4a8f857cbd9
SHA256

a5f5a25c64b86226a72d0384537ee3f192888dc6bbaf578540e62b33b41a0db0
SHA512

13aea8b46a6dc93c8bb54838f6310f1bf45d06c32d9bbcd8fb5fc779e22dfeeed21362ef2d104af3bf1e9ebec305a5c26549c731c643477107d7d507a8a93285
SSDEEP

12288:fMr8y90k39QXbowIqO74fTi481fVfSpIwyzf67H2:zyBQrJILM8ZhSpIwyzfEH2

Score

10^/10

redline fukia discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  a5f5a25c64b86226a72d0384537ee3f192888dc6bbaf578540e62b33b41a0db0
- Size
  
  557KB
- MD5
  
  64b8a2b12fc23f36673e697d5322ff6a
- SHA1
  
  a7d176bcb384b3513a2a0bee8a08f4a8f857cbd9
- SHA256
  
  a5f5a25c64b86226a72d0384537ee3f192888dc6bbaf578540e62b33b41a0db0
- SHA512
  
  13aea8b46a6dc93c8bb54838f6310f1bf45d06c32d9bbcd8fb5fc779e22dfeeed21362ef2d104af3bf1e9ebec305a5c26549c731c643477107d7d507a8a93285
- SSDEEP
  
  12288:fMr8y90k39QXbowIqO74fTi481fVfSpIwyzf67H2:zyBQrJILM8ZhSpIwyzfEH2
Score

10^/10

redline fukia discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan