redline | 3d50fb7a6d59a7b4a4779f5d4b804442133038d5b9afe845b3aad5f2631d2437 | Triage

Sharing

General

Target

file.exe
Size

1.3MB
Sample

220911-k5llxafbcj
MD5

93e3749c3d3402924e26700642376693
SHA1

8b9ab7807f7a00e886ce7caabef4a95908c6f565
SHA256

3d50fb7a6d59a7b4a4779f5d4b804442133038d5b9afe845b3aad5f2631d2437
SHA512

2153b2137de6f39d9382fda1c09004078278f31bca80ad1a8af23d1ed2d1df98832e16986bf5af72488f1bbec665e4bf0ce35410e5fef32ba8d4205124d5d1fa
SSDEEP

24576:eeD0dU1Yqq2wDWh7W7vFq+qxnSYxYj744+PKMfEGdkoR6CosxpSvW:Rq2Jg7vI+qxqcb6s/SvW

Score

10^/10

redline @forceddd_lzt infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes

auth_value
91ffc3d776bc56b5c410d1adf5648512

Targets

- Target
  
  file.exe
- Size
  
  1.3MB
- MD5
  
  93e3749c3d3402924e26700642376693
- SHA1
  
  8b9ab7807f7a00e886ce7caabef4a95908c6f565
- SHA256
  
  3d50fb7a6d59a7b4a4779f5d4b804442133038d5b9afe845b3aad5f2631d2437
- SHA512
  
  2153b2137de6f39d9382fda1c09004078278f31bca80ad1a8af23d1ed2d1df98832e16986bf5af72488f1bbec665e4bf0ce35410e5fef32ba8d4205124d5d1fa
- SSDEEP
  
  24576:eeD0dU1Yqq2wDWh7W7vFq+qxnSYxYj744+PKMfEGdkoR6CosxpSvW:Rq2Jg7vI+qxqcb6s/SvW
Score

10^/10

redline @forceddd_lzt infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@forceddd_lztinfostealer

behavioral2

redline@forceddd_lztinfostealerspyware