redline | 12b5f1fafe3fe0fb87c92cbc1b1c137669fa4f8a4730c5a480d61c08c00b8c79 | Triage

Sharing

General

Target

470f80ca7349c847bb5e892fa7ce1830.exe
Size

443KB
Sample

221012-zm5z6acbbk
MD5

470f80ca7349c847bb5e892fa7ce1830
SHA1

d175559baf9ed2d3adde6e0983157fdd69846ce0
SHA256

12b5f1fafe3fe0fb87c92cbc1b1c137669fa4f8a4730c5a480d61c08c00b8c79
SHA512

0b9538123fe38fd16167c1061b52e6d1bbfae08a009fb832f7edff7fdbdd237ca0b845c249f9a120b0b185757581e8c73657ac8b6b121c889dd13c85c3ff145a
SSDEEP

6144:t14yaN+DI6kZs2AaHMniB4fAZJNDTXCxl6Q1sIjNPeMDeMuskpDoPBST8FEAOecB:3aUDI6kZsBK5fQ1FefTskpDsSTZM020

Score

10^/10

redline 95 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

95

C2

45.144.31.240:40997

Attributes

auth_value
398d6fb78a0f07111cca2571506c635e

Targets

- Target
  
  470f80ca7349c847bb5e892fa7ce1830.exe
- Size
  
  443KB
- MD5
  
  470f80ca7349c847bb5e892fa7ce1830
- SHA1
  
  d175559baf9ed2d3adde6e0983157fdd69846ce0
- SHA256
  
  12b5f1fafe3fe0fb87c92cbc1b1c137669fa4f8a4730c5a480d61c08c00b8c79
- SHA512
  
  0b9538123fe38fd16167c1061b52e6d1bbfae08a009fb832f7edff7fdbdd237ca0b845c249f9a120b0b185757581e8c73657ac8b6b121c889dd13c85c3ff145a
- SSDEEP
  
  6144:t14yaN+DI6kZs2AaHMniB4fAZJNDTXCxl6Q1sIjNPeMDeMuskpDoPBST8FEAOecB:3aUDI6kZsBK5fQ1FefTskpDsSTZM020
Score

10^/10

redline 95 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline95infostealerspyware

behavioral2

redline95infostealerspyware