Reversing Redline Stealer | Malware Hell
Common Information
Type Value
UUID b71cef3d-05d7-4350-a02f-a9d26d5de83b
Fingerprint 6ca8ff547b3f0250
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 29, 2022, midnight
Added to db Jan. 16, 2023, 3:50 p.m.
Last updated Nov. 12, 2024, 6:02 a.m.
Headline Reversing Redline Stealer
Title Reversing Redline Stealer | Malware Hell
Detected Hints/Tags/Attributes 66/2/20
Attributes
Details Type #Events CTI Value
Details Domain 1
pornleech.ch
Details Domain 1
timezoneinfo.local.id
Details Domain 1
strindecrypt.read
Details Domain 4
stringdecrypt.read
Details Domain 2
arguments.id
Details Domain 1
filescanning.search
Details File 1
che.mp3
Details File 1
quella.mp3
Details File 1
travolge.mp3
Details File 1
mantenga.exe
Details File 13
jsc.exe
Details File 15
telegram.exe
Details IPv4 1
95.217.35.153
Details Windows Registry Key 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall