redline | 8cd709aad98ed6ec7b8375676d9c721ad8a4c243bd88c459553d784bf15c3601 | Triage

Sharing

General

Target

8cd709aad98ed6ec7b8375676d9c721ad8a4c243bd88c459553d784bf15c3601
Size

225KB
Sample

220910-n6fntsdgen
MD5

62303756f1df7dd1fcdb735fc8e0a38e
SHA1

0b47d111c41b2239bae09b4ff5e087ea16f26037
SHA256

8cd709aad98ed6ec7b8375676d9c721ad8a4c243bd88c459553d784bf15c3601
SHA512

dea51c2ee264fb4e44397e5027b380d3b4ac44bbeb618cd236f12ff2ee3451e8eacb025c16bc2d6b94107346572dd8baa20e816acbe8f9b7e82212d6f5850439
SSDEEP

3072:bp+hQFZeSur7tCqOe2BNdpH2DcJLMelnQpNNQMOLOH4NjUxVdOX:4hQSSuvV2x3JLllnQpNy8VdOX

Score

10^/10

redline 1337 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1337

C2

78.153.144.6:2510

Attributes

auth_value
b0447922bcbc2eda83260a9e7a638f45

Targets

- Target
  
  8cd709aad98ed6ec7b8375676d9c721ad8a4c243bd88c459553d784bf15c3601
- Size
  
  225KB
- MD5
  
  62303756f1df7dd1fcdb735fc8e0a38e
- SHA1
  
  0b47d111c41b2239bae09b4ff5e087ea16f26037
- SHA256
  
  8cd709aad98ed6ec7b8375676d9c721ad8a4c243bd88c459553d784bf15c3601
- SHA512
  
  dea51c2ee264fb4e44397e5027b380d3b4ac44bbeb618cd236f12ff2ee3451e8eacb025c16bc2d6b94107346572dd8baa20e816acbe8f9b7e82212d6f5850439
- SSDEEP
  
  3072:bp+hQFZeSur7tCqOe2BNdpH2DcJLMelnQpNNQMOLOH4NjUxVdOX:4hQSSuvV2x3JLllnQpNy8VdOX
Score

10^/10

redline 1337 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1337infostealerspyware