redline | 37e057a9cf268da296c33ea6e935d1008b018cc51752143618577b3b9a2a26ee | Triage

Sharing

General

Target

b375ee623bea4699cb7b5018a78c91d9.exe
Size

715KB
Sample

220613-hwh4baaee4
MD5

b375ee623bea4699cb7b5018a78c91d9
SHA1

ecc84cee43aa4daa7b5a474e59182f3fe02cc633
SHA256

37e057a9cf268da296c33ea6e935d1008b018cc51752143618577b3b9a2a26ee
SHA512

79e36ba2774cd56ebce9e3e9e6f7ff759d90df1117adb2bcb5831471c9eedd6b949ef2f30bb91c2e7dc4ac23a30caf6955faa81adba8000921cbddcc1ad86417

Score

10^/10

redline 76 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

76

C2

139.99.32.83:43199

Attributes

auth_value
44d461325298129ed3c705440f57962c

Targets

- Target
  
  b375ee623bea4699cb7b5018a78c91d9.exe
- Size
  
  715KB
- MD5
  
  b375ee623bea4699cb7b5018a78c91d9
- SHA1
  
  ecc84cee43aa4daa7b5a474e59182f3fe02cc633
- SHA256
  
  37e057a9cf268da296c33ea6e935d1008b018cc51752143618577b3b9a2a26ee
- SHA512
  
  79e36ba2774cd56ebce9e3e9e6f7ff759d90df1117adb2bcb5831471c9eedd6b949ef2f30bb91c2e7dc4ac23a30caf6955faa81adba8000921cbddcc1ad86417
Score

10^/10

redline 76 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline76infostealerspyware