redline | e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6 | Triage

Sharing

General

Target

e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
Size

1.4MB
Sample

221002-183mladbb3
MD5

e32cf33433b5635501885a6bf12ff2a9
SHA1

4a9a7d6c7bf8cb9e64c9bddfe60031e06804a58d
SHA256

e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
SHA512

868aefac1226b5a6f2c7cf2e7588a457dc871659867863631ab938631bd90f6d67573dc1a39ad9199063e19b9b0ecce3506e762ab3a0d7287e30d7736cd86754
SSDEEP

24576:G9KJu8M5sw86BP6SBD8iHVJP19u/OpCmA0oPRw9gvJmWTDDq9xa/9F:G9d8yF8QP6a8At9ucxca+vJn3oa/

Score

10^/10

redline imhotep infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

IMHOTEP

C2

185.215.113.217:19618

Attributes

auth_value
6ab091fd3a77232d89f167fd3318223a

Targets

- Target
  
  e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
- Size
  
  1.4MB
- MD5
  
  e32cf33433b5635501885a6bf12ff2a9
- SHA1
  
  4a9a7d6c7bf8cb9e64c9bddfe60031e06804a58d
- SHA256
  
  e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
- SHA512
  
  868aefac1226b5a6f2c7cf2e7588a457dc871659867863631ab938631bd90f6d67573dc1a39ad9199063e19b9b0ecce3506e762ab3a0d7287e30d7736cd86754
- SSDEEP
  
  24576:G9KJu8M5sw86BP6SBD8iHVJP19u/OpCmA0oPRw9gvJmWTDDq9xa/9F:G9d8yF8QP6a8At9ucxca+vJn3oa/
Score

10^/10

redline imhotep infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineimhotepinfostealerspyware

behavioral2

redlineimhotepinfostealerspyware