redline | 113ff51b73011d0f6adaed23165ba3a11a9ed995b0ad7b5f2fc4260edec1d64d | Triage

Sharing

General

Target

113ff51b73011d0f6adaed23165ba3a11a9ed995b0ad7b5f2fc4260edec1d64d
Size

341KB
Sample

221026-aa9p5sebh4
MD5

87c188252e16f96839c2bd5c384872e6
SHA1

c966e6d2bcb2c3f38e76fdc3814e53e724f7b314
SHA256

113ff51b73011d0f6adaed23165ba3a11a9ed995b0ad7b5f2fc4260edec1d64d
SHA512

c51a4ef6bf5a8d73e1e1bd7c25390b37446502f9068415e191dd5a2ee7d8ed8f76e209a2df787c4ca9d8ab2fa42e09621a5dc987b7fba52aae2344b9463e6716
SSDEEP

6144:dagb5p4oZflvsjew3f+vW5FLUKMAOUH1ITdKoaH4rAYjIOleDML1RP9tTd:Lp4oZflvB0vM+c/aYrvjHRV1d

Score

10^/10

redline slovarik15btc infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

slovarik15btc

C2

78.153.144.3:2510

Attributes

auth_value
bfedad55292538ad3edd07ac95ad8952

Targets

- Target
  
  113ff51b73011d0f6adaed23165ba3a11a9ed995b0ad7b5f2fc4260edec1d64d
- Size
  
  341KB
- MD5
  
  87c188252e16f96839c2bd5c384872e6
- SHA1
  
  c966e6d2bcb2c3f38e76fdc3814e53e724f7b314
- SHA256
  
  113ff51b73011d0f6adaed23165ba3a11a9ed995b0ad7b5f2fc4260edec1d64d
- SHA512
  
  c51a4ef6bf5a8d73e1e1bd7c25390b37446502f9068415e191dd5a2ee7d8ed8f76e209a2df787c4ca9d8ab2fa42e09621a5dc987b7fba52aae2344b9463e6716
- SSDEEP
  
  6144:dagb5p4oZflvsjew3f+vW5FLUKMAOUH1ITdKoaH4rAYjIOleDML1RP9tTd:Lp4oZflvB0vM+c/aYrvjHRV1d
Score

10^/10

redline slovarik15btc infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineslovarik15btcinfostealerspyware