redline | 3b38378d0b57fc75646c350f286d53ad0d7a15ebd4d103374e2e2301758ab442 | Triage

Sharing

General

Target

__1000.png.exe.vir
Size

1.2MB
Sample

220619-ze9y5sbgdp
MD5

926ee43e282b9774b710501c4fff41c7
SHA1

4d8ebd4ac62c70e0e42d17b62a3051c686ece7df
SHA256

3b38378d0b57fc75646c350f286d53ad0d7a15ebd4d103374e2e2301758ab442
SHA512

9f338257255e53dc215fba6845af5a3cac39028be945481c514dd3393783a2be5f0d858ddbfba7b5716c8d62cf97870beaf467313db859ce93c601ae56c85257

Score

10^/10

redline 2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

2

C2

45.142.122.179:36803

Attributes

auth_value
8b4fd9f885203719dec0ceda822a4ec3

Targets

- Target
  
  __1000.png.exe.vir
- Size
  
  1.2MB
- MD5
  
  926ee43e282b9774b710501c4fff41c7
- SHA1
  
  4d8ebd4ac62c70e0e42d17b62a3051c686ece7df
- SHA256
  
  3b38378d0b57fc75646c350f286d53ad0d7a15ebd4d103374e2e2301758ab442
- SHA512
  
  9f338257255e53dc215fba6845af5a3cac39028be945481c514dd3393783a2be5f0d858ddbfba7b5716c8d62cf97870beaf467313db859ce93c601ae56c85257
Score

10^/10

redline 2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2infostealerspyware

behavioral2

redline2infostealerspyware