redline | f07262b7b616f4285c7e4f39a778a4d28b3d07b936fc5749f0c2ab00b26b9a76 | Triage

Sharing

General

Target

f07262b7b616f4285c7e4f39a778a4d28b3d07b936fc5749f0c2ab00b26b9a76
Size

715KB
Sample

220613-h441raeeal
MD5

424e0e716ebb8e20e9d2597083bb3b83
SHA1

a2afd9b3d3f64c2c817e41d6d5a7731be5fe227c
SHA256

f07262b7b616f4285c7e4f39a778a4d28b3d07b936fc5749f0c2ab00b26b9a76
SHA512

2919c0469cecb042bcdb86e2c22deb025fb95befb8c2aeeefb2a103b64a455393fd00b9dc38130fc9c91cd3716a6a1a6e4bb148222e459e11ddba26aa37e34dd

Score

10^/10

redline 76 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

76

C2

139.99.32.83:43199

Attributes

auth_value
44d461325298129ed3c705440f57962c

Targets

- Target
  
  f07262b7b616f4285c7e4f39a778a4d28b3d07b936fc5749f0c2ab00b26b9a76
- Size
  
  715KB
- MD5
  
  424e0e716ebb8e20e9d2597083bb3b83
- SHA1
  
  a2afd9b3d3f64c2c817e41d6d5a7731be5fe227c
- SHA256
  
  f07262b7b616f4285c7e4f39a778a4d28b3d07b936fc5749f0c2ab00b26b9a76
- SHA512
  
  2919c0469cecb042bcdb86e2c22deb025fb95befb8c2aeeefb2a103b64a455393fd00b9dc38130fc9c91cd3716a6a1a6e4bb148222e459e11ddba26aa37e34dd
Score

10^/10

redline 76 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline76infostealerspyware