redline | 20baec820a8b41b74922e5b8960ac0a82a990ebda390dfecd164257dcdbf5901 | Triage

Sharing

General

Target

493d4ca9b8e852cdbc02e6cac5170190_NeikiAnalytics.exe
Size

332KB
Sample

240523-vcgglahg53
MD5

493d4ca9b8e852cdbc02e6cac5170190
SHA1

02e0be7ad12a4b873322df1e8ae7e96713b31339
SHA256

20baec820a8b41b74922e5b8960ac0a82a990ebda390dfecd164257dcdbf5901
SHA512

97a68dbb5adc0212536f04b882214d14fc0ccf7507d0dd78428ced9f331bb808992af34c807fbc2b520942b08d7dc39814dce9f8b1fe260db8287d2af21b2047
SSDEEP

6144:X+vFKl5PEF7c4i/93KJ7JN7milrOHXo1kKezPDmY:BPEF7g4J5lsXYkKe7Dm

Score

10^/10

redline 5345987420 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

Targets

- Target
  
  493d4ca9b8e852cdbc02e6cac5170190_NeikiAnalytics.exe
- Size
  
  332KB
- MD5
  
  493d4ca9b8e852cdbc02e6cac5170190
- SHA1
  
  02e0be7ad12a4b873322df1e8ae7e96713b31339
- SHA256
  
  20baec820a8b41b74922e5b8960ac0a82a990ebda390dfecd164257dcdbf5901
- SHA512
  
  97a68dbb5adc0212536f04b882214d14fc0ccf7507d0dd78428ced9f331bb808992af34c807fbc2b520942b08d7dc39814dce9f8b1fe260db8287d2af21b2047
- SSDEEP
  
  6144:X+vFKl5PEF7c4i/93KJ7JN7milrOHXo1kKezPDmY:BPEF7g4J5lsXYkKe7Dm
Score

10^/10

redline 5345987420 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redline5345987420discoveryinfostealer