redline | cba7efe86366a06afcaf30ffc25d0652bfeb1a179c5aaa90621537560e24a392 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cba7efe86366a06afcaf30ffc25d0652bfeb1a179c5aaa90621537560e24a392
Size

2.6MB
Sample

221003-j881yaeha4
MD5

fcc31bb8dd044f6b46db858f1bdc590f
SHA1

0be774425e100c7549de22def94f29691df429fe
SHA256

cba7efe86366a06afcaf30ffc25d0652bfeb1a179c5aaa90621537560e24a392
SHA512

b1ffb960489adea858e29954ebc34dba3d7a06f652a49f144bd3fdf3eb299e45ca0c4c33e22d8b8bd7fd31d915b0bdde679ff5cd7eba40c41212fb5381326f81
SSDEEP

49152:QbicWQFO8aZk9QTT0RQs2lpbfgFfQlKmI5l3g:QbicWQFO8QkKf0RQs2vfgFfQllV

Score

10^/10

redline 1200654767 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1200654767

C2

79.137.192.6:8362

Targets

- Target
  
  cba7efe86366a06afcaf30ffc25d0652bfeb1a179c5aaa90621537560e24a392
- Size
  
  2.6MB
- MD5
  
  fcc31bb8dd044f6b46db858f1bdc590f
- SHA1
  
  0be774425e100c7549de22def94f29691df429fe
- SHA256
  
  cba7efe86366a06afcaf30ffc25d0652bfeb1a179c5aaa90621537560e24a392
- SHA512
  
  b1ffb960489adea858e29954ebc34dba3d7a06f652a49f144bd3fdf3eb299e45ca0c4c33e22d8b8bd7fd31d915b0bdde679ff5cd7eba40c41212fb5381326f81
- SSDEEP
  
  49152:QbicWQFO8aZk9QTT0RQs2lpbfgFfQlKmI5l3g:QbicWQFO8QkKf0RQs2vfgFfQllV
Score

10^/10

redline 1200654767 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1200654767infostealerspyware