redline | efc2123d6a527cc11c2e23dacbc2d1a4d6cd8dacc2f329dffeb3b99af9cbf3a0 | Triage

Sharing

General

Target

efc2123d6a527cc11c2e23dacbc2d1a4d6cd8dacc2f329dffeb3b99af9cbf3a0
Size

723KB
Sample

221024-yshalsadbq
MD5

8be16556bcd1f7e5e72b0a5516b444bc
SHA1

5a4781455921136beb0020cf5b38c12832753855
SHA256

efc2123d6a527cc11c2e23dacbc2d1a4d6cd8dacc2f329dffeb3b99af9cbf3a0
SHA512

f66afd0eaa0a611b870bab52e45639c0c76be2c1f4d90036c95eda133eeaf434b0f6fb7467a1f77e21146c32c7b4f23a8057cabd962b4616415133e27220d155
SSDEEP

12288:fQfr2Y0TpkxujvEBBmUQEI2yEiThYvTEGJ0wJ69TV6VBuKU64ZvwU7Prs0nab:fQfrT0TpkxuI2EidYbEGJdaVDZ7Q0nY

Score

10^/10

redline slovarikinstalls infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

slovarikinstalls

C2

78.153.144.3:2510

Attributes

auth_value
5f80b2ec82e3bd02a08a3a55d3180551

Targets

- Target
  
  efc2123d6a527cc11c2e23dacbc2d1a4d6cd8dacc2f329dffeb3b99af9cbf3a0
- Size
  
  723KB
- MD5
  
  8be16556bcd1f7e5e72b0a5516b444bc
- SHA1
  
  5a4781455921136beb0020cf5b38c12832753855
- SHA256
  
  efc2123d6a527cc11c2e23dacbc2d1a4d6cd8dacc2f329dffeb3b99af9cbf3a0
- SHA512
  
  f66afd0eaa0a611b870bab52e45639c0c76be2c1f4d90036c95eda133eeaf434b0f6fb7467a1f77e21146c32c7b4f23a8057cabd962b4616415133e27220d155
- SSDEEP
  
  12288:fQfr2Y0TpkxujvEBBmUQEI2yEiThYvTEGJ0wJ69TV6VBuKU64ZvwU7Prs0nab:fQfrT0TpkxuI2EidYbEGJdaVDZ7Q0nY
Score

10^/10

redline slovarikinstalls infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineslovarikinstallsinfostealerspyware