redline | d0925c242a852d0d535a949e3142c2b775982f61ae1079cc7ae86e2a5abcfb8b | Triage

Sharing

General

Target

Setup.exe
Size

669KB
Sample

220611-vjftmsgfhq
MD5

b4878dcbd908cfa8f8713306819eb8e2
SHA1

f839f0f49b287fca721caa2af639f3ecaf445c79
SHA256

d0925c242a852d0d535a949e3142c2b775982f61ae1079cc7ae86e2a5abcfb8b
SHA512

15e105cb88e95a58aa630a4874d2ae1d3b7de41d01e9653e457cb0786e8b03908b4702d9af38d895a9d36298a5da6932143735a4a1935a82dc7263e633f66e6d

Score

10^/10

redline 76 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

76

C2

139.99.32.83:43199

Attributes

auth_value
44d461325298129ed3c705440f57962c

Targets

- Target
  
  Setup.exe
- Size
  
  669KB
- MD5
  
  b4878dcbd908cfa8f8713306819eb8e2
- SHA1
  
  f839f0f49b287fca721caa2af639f3ecaf445c79
- SHA256
  
  d0925c242a852d0d535a949e3142c2b775982f61ae1079cc7ae86e2a5abcfb8b
- SHA512
  
  15e105cb88e95a58aa630a4874d2ae1d3b7de41d01e9653e457cb0786e8b03908b4702d9af38d895a9d36298a5da6932143735a4a1935a82dc7263e633f66e6d
Score

10^/10

redline 76 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline76infostealerspyware