redline | 14dc7cf045dda9a5ee21a4baf5e359b1c892f87b1834fc707d8b8d707793bb94 | Triage

Sharing

General

Target

Loader Ver3.1.rar
Size

5.6MB
Sample

220920-yr4r8aecd7
MD5

7b7a6dbbce33c9aa6a798d622d11dbe7
SHA1

6d44d9af8d62c83dc8cd3b579210857009093ffa
SHA256

14dc7cf045dda9a5ee21a4baf5e359b1c892f87b1834fc707d8b8d707793bb94
SHA512

8133decbe050eb5f368b40ce7e021da67b08d3d3c7e0e9a2d3316978b5f1ab40bb7b4a4467800b803d7ef133d69a9836531a8763b5409c99f15c54727f808496
SSDEEP

98304:N4SIbgx6sMlo69crK4pevCui6THGMoFM/5PNpyyUxYGP+O:ySIbQpMloDrK4ifTVoFSP3FUxYGWO

Score

10^/10

redline 1851281290_99 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1851281290_99

C2

tapucan.xyz:28786

Attributes

auth_value
82f98d7ce7c6a5819bc7d092b2745dc0

Targets

- Target
  
  Loader.exe
- Size
  
  666.3MB
- MD5
  
  548b7c504d22535e28fc9362fade7d04
- SHA1
  
  5e3376b4826f033721f7e902f388bcec65d1c79c
- SHA256
  
  a7192c621a46802fc459614749911caabcc70b662b6afe94b8a69ef6c1bdee78
- SHA512
  
  b073c1b20882eef864e3a1a21b7e9ff154a33edbd4890bb4a69da735c28a50d3f52aa345416c441877d156a0cb2db428b2f9f2e73c678012efef9131fa8c3e6d
- SSDEEP
  
  24576:w1H6f+kpiwSRyWJ2YqYYxKdty7MUtdPqZ36J+d+Vuti1P4bGRfXRL1aQG9l3RuQd:wBzkswSRyfKDTi1P4bGRfXRxaN9l3
Score

10^/10

redline 1851281290_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1851281290_99infostealerspyware

behavioral2

redline1851281290_99infostealerspyware