redline | a8ed64c2ba2355ae29d0f0d8fff78a40b8488fd60351839c6ce2347e355a74c3 | Triage

Sharing

General

Target

a8ed64c2ba2355ae29d0f0d8fff78a40b8488fd60351839c6ce2347e355a74c3
Size

290KB
Sample

220607-jd756acba2
MD5

98422ed16c0986e96b8628b55e1e86a6
SHA1

c5888f1c5474e77f625903d7247239e5fc362a18
SHA256

a8ed64c2ba2355ae29d0f0d8fff78a40b8488fd60351839c6ce2347e355a74c3
SHA512

fadf6f67fa71ad7df3d989b59b6bcd092b0e4e2ae6749b8641caf7a3d7b41796c141490fdfa534f9dfaf5a6727d31b9d66dbbe7a75f4e0dc1b734371061df2b8

Score

10^/10

redline 9-5 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

9-5

C2

139.99.32.83:43199

Attributes

auth_value
637de2b47f42d9cc7912f71cb6b57b5b

Targets

- Target
  
  a8ed64c2ba2355ae29d0f0d8fff78a40b8488fd60351839c6ce2347e355a74c3
- Size
  
  290KB
- MD5
  
  98422ed16c0986e96b8628b55e1e86a6
- SHA1
  
  c5888f1c5474e77f625903d7247239e5fc362a18
- SHA256
  
  a8ed64c2ba2355ae29d0f0d8fff78a40b8488fd60351839c6ce2347e355a74c3
- SHA512
  
  fadf6f67fa71ad7df3d989b59b6bcd092b0e4e2ae6749b8641caf7a3d7b41796c141490fdfa534f9dfaf5a6727d31b9d66dbbe7a75f4e0dc1b734371061df2b8
Score

10^/10

redline 9-5 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline9-5infostealerspyware