redline | 7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c | Triage

Sharing

General

Target

7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
Size

1.6MB
Sample

221006-17x1qabbgn
MD5

d49bfdabe6d8bf9977115f1e09e2d4db
SHA1

629e8a9a9323e15b2128c81ce72c16ef3afe67b9
SHA256

7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
SHA512

701d17bdc69922f01655c3e63ff59485d20e6871ab5c690789ac98e3006e43a3383582187609fcb0999c774d5dda573c84b4a84a29779fb0d23eba05ecc73327
SSDEEP

24576:2eTLUUWXx8KlTUeE/SP3GFFaraUuWbO0GmxsPGMkDC+/aRVUMysqyEH:b3UUAajKP3Qse+bOJE++aRSM2

Score

10^/10

redline imhotep infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

IMHOTEP

C2

185.215.113.217:19618

Attributes

auth_value
6ab091fd3a77232d89f167fd3318223a

Targets

- Target
  
  7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
- Size
  
  1.6MB
- MD5
  
  d49bfdabe6d8bf9977115f1e09e2d4db
- SHA1
  
  629e8a9a9323e15b2128c81ce72c16ef3afe67b9
- SHA256
  
  7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
- SHA512
  
  701d17bdc69922f01655c3e63ff59485d20e6871ab5c690789ac98e3006e43a3383582187609fcb0999c774d5dda573c84b4a84a29779fb0d23eba05ecc73327
- SSDEEP
  
  24576:2eTLUUWXx8KlTUeE/SP3GFFaraUuWbO0GmxsPGMkDC+/aRVUMysqyEH:b3UUAajKP3Qse+bOJE++aRSM2
Score

10^/10

redline imhotep infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineimhotepinfostealerspyware

behavioral2

redlineimhotepinfostealerspyware