redline | 8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5 | Triage

Sharing

General

Target

8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5
Size

429KB
Sample

220908-m5nsdabfaj
MD5

cec2f747dbbbef10f7b16ebb9fd75e19
SHA1

c20b3b5a0972d6e5c588cf6655b0250b0104e0f7
SHA256

8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5
SHA512

6b95d43d6009d7e63c4b3e337e74255bc84cb01add9f63873d36b193cae0b7078c0745b508507828c0aa1f09be264042920d4848dea2cdba16c7800f66156814
SSDEEP

12288:wAz1gZ0KtvusH5ntDfR0Veh+6udJ0iycbxOygJ3bmLJ:91w5nB+VeAv/bx3gbA

Score

10^/10

redline nam5 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

nam5

C2

103.89.90.61:34589

Attributes

auth_value
f23be8e9063fe5d0c6fc3ee8e7d565bd

Targets

- Target
  
  8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5
- Size
  
  429KB
- MD5
  
  cec2f747dbbbef10f7b16ebb9fd75e19
- SHA1
  
  c20b3b5a0972d6e5c588cf6655b0250b0104e0f7
- SHA256
  
  8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5
- SHA512
  
  6b95d43d6009d7e63c4b3e337e74255bc84cb01add9f63873d36b193cae0b7078c0745b508507828c0aa1f09be264042920d4848dea2cdba16c7800f66156814
- SSDEEP
  
  12288:wAz1gZ0KtvusH5ntDfR0Veh+6udJ0iycbxOygJ3bmLJ:91w5nB+VeAv/bx3gbA
Score

10^/10

redline nam5 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenam5infostealerspyware