redline | 60974f5d63c5b3f74654b4703bf1a7b56662e016ff184f675da1a78ac96c7b16 | Triage

Sharing

General

Target

60974F5D63C5B3F74654B4703BF1A7B56662E016FF184.exe
Size

1.4MB
Sample

220910-n31jtsdgdr
MD5

e9a4f34e8ae18813cd5391c264a66e45
SHA1

abc1fd2eda12ea13dce39eeb7b695e70b4cac145
SHA256

60974f5d63c5b3f74654b4703bf1a7b56662e016ff184f675da1a78ac96c7b16
SHA512

5092cc311b2d0ff983bfb66cc50a62d3541fae4f5d7ef489ebd177c92dd3f2a6cb3615f4e82ff99c84f62ffedec117dbad3abf6e347da27c078c815c441e51e8
SSDEEP

24576:Q1GEXEZXOYPYCfy0GmoMkXdLeF2bVRbRfIR5tegepbjLh3RLu:Q1ZEZ2gu2R+bjLh3RC

Score

10^/10

redline h infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

h

C2

95.217.55.221:25921

Attributes

auth_value
4ff47750f2415702232d09cbc50b7130

Targets

- Target
  
  60974F5D63C5B3F74654B4703BF1A7B56662E016FF184.exe
- Size
  
  1.4MB
- MD5
  
  e9a4f34e8ae18813cd5391c264a66e45
- SHA1
  
  abc1fd2eda12ea13dce39eeb7b695e70b4cac145
- SHA256
  
  60974f5d63c5b3f74654b4703bf1a7b56662e016ff184f675da1a78ac96c7b16
- SHA512
  
  5092cc311b2d0ff983bfb66cc50a62d3541fae4f5d7ef489ebd177c92dd3f2a6cb3615f4e82ff99c84f62ffedec117dbad3abf6e347da27c078c815c441e51e8
- SSDEEP
  
  24576:Q1GEXEZXOYPYCfy0GmoMkXdLeF2bVRbRfIR5tegepbjLh3RLu:Q1ZEZ2gu2R+bjLh3RC
Score

10^/10

redline h infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinehinfostealerspyware

behavioral2

redlinehinfostealerspyware