redline | 16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7_x64

winprofile

windows10_x64

Sharing

General

Target

16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
Size

1.6MB
Sample

220705-17f27sfee7
MD5

172b15079b00399010648f9474f8e0b6
SHA1

931da4fc406d9242a298e86fb818eed29bff8047
SHA256

16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
SHA512

8e0912393441a0e5863b5097943de3d099d2b3f3f32c1425a524fe2c5f61caffe3887f7c9c14fb9b0cdded5357174001dc3307c817c80a6a4566715a588874e8

Score

10^/10

redline subzero infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261.exe

Resource

win7-20220414-en

redline subzero infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261.exe

Resource

win10-20220414-en

redline subzero infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

SUBZERO

C2

185.215.113.217:19618

Attributes

auth_value
019ff2a82025cde517e4466362191205

Targets

- Target
  
  16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
- Size
  
  1.6MB
- MD5
  
  172b15079b00399010648f9474f8e0b6
- SHA1
  
  931da4fc406d9242a298e86fb818eed29bff8047
- SHA256
  
  16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
- SHA512
  
  8e0912393441a0e5863b5097943de3d099d2b3f3f32c1425a524fe2c5f61caffe3887f7c9c14fb9b0cdded5357174001dc3307c817c80a6a4566715a588874e8
Score

10^/10

redline subzero infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesubzeroinfostealerspyware

behavioral2

redlinesubzeroinfostealerspyware

© 2018-2024

Terms | Privacy