RedLine Stealer
Common Information
| Type | Value |
|---|---|
| UUID | d097cb3f-a7f1-4b22-9227-4e32ef404bf9 |
| Fingerprint | 5a9ad3d0225aa3f95adc253e0420aa4942b2b0378c61bd3c51779d12ea3e5bd9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 15, 2023, 2:38 p.m. |
| Added to db | Oct. 18, 2024, 5 p.m. |
| Last updated | Oct. 18, 2024, 5:04 p.m. |
| Headline | RedLine Stealer |
| Title | RedLine Stealer |
| Detected Hints/Tags/Attributes | 115/4/76 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 42 | quorumcyber.com |
|
| Details | Domain | 6 | fraunhofer.de |
|
| Details | Domain | 23 | infosecwriteups.com |
|
| Details | Domain | 11 | pcrisk.com |
|
| Details | Domain | 53 | ncsc.gov.uk |
|
| Details | Domain | 1 | stylinup.top |
|
| Details | Domain | 1 | arigato116.ru |
|
| Details | Domain | 1 | brainstormvc.me |
|
| Details | Domain | 1 | edigitalstudios.online |
|
| Details | Domain | 1 | poupahotel.com.br |
|
| Details | Domain | 3 | gene.win |
|
| Details | Domain | 9 | ke-la.com |
|
| Details | File | 2 | trojan-dropper.msi |
|
| Details | File | 4 | trojan-spy.msi |
|
| Details | File | 73 | trojan.msi |
|
| Details | sha256 | 1 | 4c3a3606ede4a8a426b1bd5cab11d9c656c93b4ce6e00118d513c3bdc77282f6 |
|
| Details | sha256 | 1 | d4a650e94846f03220b6da15e2cc3df43db9afa4bf0e47e0ce244e98771452b1 |
|
| Details | sha256 | 1 | 6b674b6d19a8dcb17327dcff90490dfe1ce51c816161cf8a6a375330da286831 |
|
| Details | sha256 | 1 | 7c09db186ed2be8d733cb25e4146bef0534926229e7855a080a2fd593c1aa695 |
|
| Details | sha256 | 1 | efb1f86744193b39bc3a85e3c6009036757e1736c6d4b764025723f783968617 |
|
| Details | sha256 | 1 | 056a713d4bc35bb5aaaee770d02bd0fdcd9037028c44f1ed41fe7b7ae178d666 |
|
| Details | sha256 | 1 | 150545b68626980c1e3f614c5f2966afbf4e5f341a6361d3b8f66fb25954440d |
|
| Details | sha256 | 1 | 2ff94580df6875ef9c21d9ded17ebbb14738822eb447c11014d21d26f4aa5e08 |
|
| Details | sha256 | 1 | 88cc855e29fc10c53151d1ba6be514e983194326e1c20b23d1d9224924d9e3c2 |
|
| Details | sha256 | 1 | c0377de61034a86b2b92f1d28ec284c765ef897fc305354bfa406bae6dd588a7 |
|
| Details | sha256 | 1 | 5be24d19eaa539986b437c0f960f83ad4d84d9127df970dbddf4f04a4a5b988c |
|
| Details | sha256 | 1 | 5f3038cdfe0901da23f42eaeff95ff2a2229cf8a7252bfd5610d596681455086 |
|
| Details | sha256 | 1 | cb399746ff46656eccf187ddc735093c769543d9549e4b6fe0afd6d08d4bae7d |
|
| Details | sha256 | 1 | 2b08151b0c4ececde811dd7f24d230fbd61dfd1a0e3237d0446b4d645a9cc305 |
|
| Details | sha256 | 1 | 876a7ca3d66bcae029818e477a1a18607ad27eacd8bc8b3d71ac7f4573cc5c42 |
|
| Details | sha256 | 1 | 98ba78737ad631cfb44745691933bf1ba83728045801fe285cab2d2560f9a7b9 |
|
| Details | sha256 | 1 | 0f9aebb29ee661c063fb63a782447c08ed71b0330ecae92358c9a3111b1af33b |
|
| Details | sha256 | 1 | 227b396c6dceeb7107850a0fd635299670d01e91fef3aaf4840fdffe88f3e1f9 |
|
| Details | sha256 | 1 | 612def8b01093a69ae511693b3888fabe54ca4d4a3afbf8a99a7212a699e6292 |
|
| Details | sha256 | 1 | 7a977ad3b47ddcda8649670805be884c37ec54b0d708d98f21bae68c6c0364bb |
|
| Details | IPv4 | 1 | 185.161.248.75 |
|
| Details | IPv4 | 1 | 45.11.93.21 |
|
| Details | IPv4 | 1 | 185.161.248.25 |
|
| Details | IPv4 | 2 | 37.139.129.142 |
|
| Details | IPv4 | 1 | 77.73.131.83 |
|
| Details | IPv4 | 4 | 85.192.63.46 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 239 | T1106 |
|
| Details | MITRE ATT&CK Techniques | 120 | T1129 |
|
| Details | MITRE ATT&CK Techniques | 53 | T1031 |
|
| Details | MITRE ATT&CK Techniques | 279 | T1060 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 41 | T1089 |
|
| Details | MITRE ATT&CK Techniques | 550 | T1112 |
|
| Details | MITRE ATT&CK Techniques | 189 | T1081 |
|
| Details | MITRE ATT&CK Techniques | 501 | T1012 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 180 | T1543.003 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 89 | T1552.001 |
|
| Details | Url | 1 | http://37.139.129.142/htdocs/ewtpjijjlectyzm.exe |
|
| Details | Url | 1 | http://77.73.131.83/cdn/1.exe |
|
| Details | Url | 1 | http://poupahotel.com.br/10/data64_1.exe |
|
| Details | Url | 1 | http://poupahotel.com.br/10/data64_4.exe |
|
| Details | Url | 1 | http://poupahotel.com.br/15/data64_1.exe |
|
| Details | Url | 1 | http://poupahotel.com.br/15/data64_4.exe |
|
| Details | Url | 1 | https://poupahotel.com.br/strong/top1.exe |
|
| Details | Url | 1 | http://77.73.131.83/cdn/3.exe |
|
| Details | Url | 1 | http://77.73.131.83/cdn/cn.exe |
|
| Details | Url | 1 | http://85.192.63.46/f/1.exe |
|
| Details | Url | 1 | https://brainstormvc.me/13/trdnganr6339.exe |
|
| Details | Url | 1 | https://arigato116.ru/wp-content/plugins/apfqnbl/build.exe |
|
| Details | Url | 1 | http://edigitalstudios.online/16/data64_4.exe |