redline | a7203cb9f5e7079a59914d748ac6417af96caf0bbb4b2e36d408187d0bec3dc0 | Triage

Sharing

General

Target

file.exe
Size

1.5MB
Sample

220919-q1tdvabcg8
MD5

7856d219ed8a691a63eca3e5a432c65f
SHA1

c6b42130d4bba6f62a698ff0cbb58e082e433869
SHA256

a7203cb9f5e7079a59914d748ac6417af96caf0bbb4b2e36d408187d0bec3dc0
SHA512

5054edbe99a436c0b72981b269904ebd6e21f225c38bc84415448159871fad4c102cda34e16cc2692509a2d974b45a90f985ab3577e7f2b4294e4555cc528127
SSDEEP

49152:1nAzYyPHaw46Qsabt04deWVdDsNBaYGdo:phx3zJhlVdDsLoS

Score

10^/10

redline @joker_reborn infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@joker_reborn

C2

20.111.62.187:12944

Attributes

auth_value
3bef5f3e00b75e26d1f1fc60672cd81d

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  7856d219ed8a691a63eca3e5a432c65f
- SHA1
  
  c6b42130d4bba6f62a698ff0cbb58e082e433869
- SHA256
  
  a7203cb9f5e7079a59914d748ac6417af96caf0bbb4b2e36d408187d0bec3dc0
- SHA512
  
  5054edbe99a436c0b72981b269904ebd6e21f225c38bc84415448159871fad4c102cda34e16cc2692509a2d974b45a90f985ab3577e7f2b4294e4555cc528127
- SSDEEP
  
  49152:1nAzYyPHaw46Qsabt04deWVdDsNBaYGdo:phx3zJhlVdDsLoS
Score

10^/10

redline @joker_reborn infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@joker_reborninfostealerspyware

behavioral2

redline@joker_reborninfostealerspyware