redline | 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229 | Triage

Sharing

General

Target

411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
Size

1.5MB
Sample

221007-eb17lsbgbm
MD5

e11b0110e884debf9bee9756d1eaa625
SHA1

01e6fdfad2169994f434e2c896dd8780dff6341c
SHA256

411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
SHA512

090ea94962ff5386f41ace6351ea4fcb1d0b051d7319a7b070c9440123cfc6ede6f8d4b981578ba0a626c776850a52f457341a808ea3caee532c03d7fb783526
SSDEEP

24576:lMnGznDVKFnuLA4nxra9S603/M0gTGXb2IQxnXL0K8Fa6IOefzft3UdLiP:CnGTDV8uLA8xeYmcXbfQxnXSfefiRiP

Score

10^/10

redline imhotep infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

IMHOTEP

C2

185.215.113.217:19618

Attributes

auth_value
6ab091fd3a77232d89f167fd3318223a

Targets

- Target
  
  411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
- Size
  
  1.5MB
- MD5
  
  e11b0110e884debf9bee9756d1eaa625
- SHA1
  
  01e6fdfad2169994f434e2c896dd8780dff6341c
- SHA256
  
  411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
- SHA512
  
  090ea94962ff5386f41ace6351ea4fcb1d0b051d7319a7b070c9440123cfc6ede6f8d4b981578ba0a626c776850a52f457341a808ea3caee532c03d7fb783526
- SSDEEP
  
  24576:lMnGznDVKFnuLA4nxra9S603/M0gTGXb2IQxnXL0K8Fa6IOefzft3UdLiP:CnGTDV8uLA8xeYmcXbfQxnXSfefiRiP
Score

10^/10

redline imhotep infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlineimhotepinfostealerspyware