redline | 1f531a7a7e0024d96701bd6c09c97cda0e56690deb7b53b9b855017000bf0baa | Triage

Sharing

General

Target

red.png
Size

420KB
Sample

221108-rbd4asbac3
MD5

8deb78e7465c7aa01dce0f7b56afd75a
SHA1

46dfe591424f1c811c6da80b81ca3962e8667588
SHA256

1f531a7a7e0024d96701bd6c09c97cda0e56690deb7b53b9b855017000bf0baa
SHA512

c6a9d751ab704d5c7ea56f4b7377b2e6a81e4f1098b6765ece65685dab39289ead9f869bd6913b14b36e7379bc947c2392d42e6e2dc8020f098d63fb7588cda1
SSDEEP

6144:cRRIHFh8pCFAECNTT0vgPq+jscEI+ZVF10o+mjgQrsSJI5ELFTVoZphtyUfku2wy:cPCFST04y+0hVjbihU

Score

10^/10

redline $infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

$

C2

62.204.41.34:1188

Attributes

auth_value
bbb8c6d9124694fed57447b1568ddeec

Targets

- Target
  
  red.png
- Size
  
  420KB
- MD5
  
  8deb78e7465c7aa01dce0f7b56afd75a
- SHA1
  
  46dfe591424f1c811c6da80b81ca3962e8667588
- SHA256
  
  1f531a7a7e0024d96701bd6c09c97cda0e56690deb7b53b9b855017000bf0baa
- SHA512
  
  c6a9d751ab704d5c7ea56f4b7377b2e6a81e4f1098b6765ece65685dab39289ead9f869bd6913b14b36e7379bc947c2392d42e6e2dc8020f098d63fb7588cda1
- SSDEEP
  
  6144:cRRIHFh8pCFAECNTT0vgPq+jscEI+ZVF10o+mjgQrsSJI5ELFTVoZphtyUfku2wy:cPCFST04y+0hVjbihU
Score

10^/10

redline $infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline$infostealerspyware