RedLine Stealer Malware Outbreak
Common Information
Type | Value |
---|---|
UUID | d3d7d266-5608-452b-9445-ee9ce573ab76 |
Fingerprint | a4493affb54975b5ad716492ebfe852d16b53efcb2da1a935673ec97ea7b3a4f |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | April 19, 2023, 9:02 a.m. |
Added to db | June 5, 2024, 1:31 p.m. |
Last updated | Aug. 31, 2024, 7:37 a.m. |
Headline | RedLine Stealer Malware Outbreak |
Title | RedLine Stealer Malware Outbreak |
Detected Hints/Tags/Attributes | 0/0/75 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 22 | | www.logpoint.com |
Domain | 911 | | any.run |
Domain | 285 | | microsoft.net |
Domain | 51 | | battle.net |
File | 39 | | www.log |
File | 3 | | c:\windows\system32\drivers\vboxmouse.sys |
File | 3 | | c:\windows\system32\drivers\vmmouse.sys |
File | 3 | | c:\windows\system32\drivers\vmhgfs.sys |
File | 409 | | c:\windows\system32\cmd.exe |
File | 2 | | c:\users\admin\appdata\roaming\svchost.exe |
File | 14 | | tmp.bat |
File | 1 | | tmpbc80.tmp |
File | 14 | | caspol.exe |
File | 1208 | | powershell.exe |
File | 8 | | bat.exe |
File | 1 | | 3c53c9fabd1631125c5d295d22f5482ae226cf0bb34bc3de88e530b72347fc88.bat |
File | 149 | | msbuild.exe |
File | 1 | | c:\users\admin\appdata\local\temp\whatinstitution.bat |
File | 1122 | | svchost.exe |
File | 142 | | wmiprvse.exe |
File | 1018 | | rundll32.exe |
File | 2 | | c:\windows\system32\advpack.dll |
File | 1 | | c:\users\xxx\appdata\local\temp\ixp000.tmp |
File | 30 | | doc.exe |
File | 14 | | docx.exe |
File | 6 | | xls.exe |
File | 2 | | xlsx.exe |
File | 1 | | ppt.exe |
File | 1 | | pptx.exe |
File | 1 | | rtf.exe |
File | 95 | | pdf.exe |
File | 6 | | txt.exe |
File | 1 | | ______.exe |
File | 306 | | services.exe |
File | 198 | | msmpeng.exe |
File | 5 | | mrt.exe |
File | 2 | | rpcnet.exe |
File | 27 | | attrib.exe |
File | 196 | | desktop.ini |
File | 2126 | | cmd.exe |
File | 13 | | devenv.exe |
File | 65 | | python.exe |
File | 1260 | | explorer.exe |
File | 7 | | nuget.exe |
File | 32 | | powershell_ise.exe |
File | 122 | | psexec.exe |
File | 155 | | cscript.exe |
File | 376 | | wscript.exe |
File | 456 | | mshta.exe |
File | 459 | | regsvr32.exe |
File | 240 | | wmic.exe |
File | 226 | | certutil.exe |
File | 47 | | cmstp.exe |
File | 269 | | msiexec.exe |
File | 40 | | 7z.exe |
File | 47 | | winrar.exe |
File | 95 | | wevtutil.exe |
File | 256 | | net.exe |
File | 48 | | net1.exe |
File | 12 | | psexec64.exe |
File | 249 | | schtasks.exe |
File | 21 | | tiworker.exe |
File | 8 | | poqexec.exe |
File | 26 | | taskhostw.exe |
File | 18 | | webcachev01.dat |
File | 60 | | cookies.sql |
File | 64 | | logins.json |
File | 36 | | key3.db |
File | 41 | | key4.db |
File | 199 | | firefox.exe |
File | 271 | | chrome.exe |
File | 19 | | mpcopyaccelerator.exe |
File | 5 | | thor64.exe |
File | 4 | | thor.exe |
File | 27 | | c:\windows\system32\msiexec.exe |