redline | cd0f9aa670c5bad5db2db4c3b98dca1449863b827a5c83a9f7891a60d97d2363 | Triage

Sharing

General

Target

StartGame.exe
Size

1.8MB
Sample

220421-m2ncfaafbq
MD5

25c21aab69d1e63b0c9c60475b802bfd
SHA1

c3821a2f7e19ad83b867be99a43d56980f30640b
SHA256

cd0f9aa670c5bad5db2db4c3b98dca1449863b827a5c83a9f7891a60d97d2363
SHA512

d41fee747cd5e90a79c5d0bdf510f2aee8d5c1d680541b8c4ed9b7d4f5d83c4192eb5b5600ac286e38f4d8a9fd59e6793a7b08e6a9aee030ac7978fbe902441a

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.108.3.162:19747

Attributes

auth_value
95517c2a2f56575288c35d9dfde4a6aa

Targets

- Target
  
  StartGame.exe
- Size
  
  1.8MB
- MD5
  
  25c21aab69d1e63b0c9c60475b802bfd
- SHA1
  
  c3821a2f7e19ad83b867be99a43d56980f30640b
- SHA256
  
  cd0f9aa670c5bad5db2db4c3b98dca1449863b827a5c83a9f7891a60d97d2363
- SHA512
  
  d41fee747cd5e90a79c5d0bdf510f2aee8d5c1d680541b8c4ed9b7d4f5d83c4192eb5b5600ac286e38f4d8a9fd59e6793a7b08e6a9aee030ac7978fbe902441a
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline1infostealerspyware