redline | 230e4d55c87cae043ef32a61566e6e2d5ad0fc4a081c113449ceafe2b5785773 | Triage

Sharing

General

Target

1027406f479544742431021b564d9d10_NeikiAnalytics
Size

267KB
Sample

240510-swsmvsfg97
MD5

1027406f479544742431021b564d9d10
SHA1

6d41d37ab0a8bd08ceb90b5ea7a208629eaf7366
SHA256

230e4d55c87cae043ef32a61566e6e2d5ad0fc4a081c113449ceafe2b5785773
SHA512

67091c804e3e5bb389484f8892d79778f9e6218a16b5f7a48023da1a066cf68df9ba92f255995f532fd02878e16bb99847afd1195c208404b31adaf709c8769f
SSDEEP

6144:5kcllhS4qdxjPxUUsZkN3A9cfbtHeftsqmmKU:ua/SNRr3de1ZKU

Score

10^/10

redline 5345987420 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  1027406f479544742431021b564d9d10_NeikiAnalytics
- Size
  
  267KB
- MD5
  
  1027406f479544742431021b564d9d10
- SHA1
  
  6d41d37ab0a8bd08ceb90b5ea7a208629eaf7366
- SHA256
  
  230e4d55c87cae043ef32a61566e6e2d5ad0fc4a081c113449ceafe2b5785773
- SHA512
  
  67091c804e3e5bb389484f8892d79778f9e6218a16b5f7a48023da1a066cf68df9ba92f255995f532fd02878e16bb99847afd1195c208404b31adaf709c8769f
- SSDEEP
  
  6144:5kcllhS4qdxjPxUUsZkN3A9cfbtHeftsqmmKU:ua/SNRr3de1ZKU
Score

10^/10

redline 5345987420 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redline5345987420discoveryinfostealer