redline | 3738f6835c8a9c4b848d32d2e717c3283b6f60281e33389f339946b4d54fd812 | Triage

Sharing

General

Target

3738f6835c8a9c4b848d32d2e717c3283b6f60281e33389f339946b4d54fd812
Size

290KB
Sample

220606-2rls7ahbdq
MD5

a84fc82f61c7ddb8295971ec03e633ec
SHA1

5e95aa00646b9a469fc41075d5db9b42265a9df8
SHA256

3738f6835c8a9c4b848d32d2e717c3283b6f60281e33389f339946b4d54fd812
SHA512

2a7f7fd754496cb8c6b1d19073ee51cd189ac319589da831cb8ecb60d1eba8883caaf81433a1b629dcdc919d8abdf2af95922889e14d43625c3802198becdc63

Score

10^/10

redline 9-5 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

9-5

C2

139.99.32.83:43199

Attributes

auth_value
637de2b47f42d9cc7912f71cb6b57b5b

Targets

- Target
  
  3738f6835c8a9c4b848d32d2e717c3283b6f60281e33389f339946b4d54fd812
- Size
  
  290KB
- MD5
  
  a84fc82f61c7ddb8295971ec03e633ec
- SHA1
  
  5e95aa00646b9a469fc41075d5db9b42265a9df8
- SHA256
  
  3738f6835c8a9c4b848d32d2e717c3283b6f60281e33389f339946b4d54fd812
- SHA512
  
  2a7f7fd754496cb8c6b1d19073ee51cd189ac319589da831cb8ecb60d1eba8883caaf81433a1b629dcdc919d8abdf2af95922889e14d43625c3802198becdc63
Score

10^/10

redline 9-5 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline9-5infostealerspyware