redline | 431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361 | Triage

Sharing

General

Target

file.exe
Size

1.1MB
Sample

221114-2d8qssdh99
MD5

5e7c07b9aa0668fa2971747bb4fade1e
SHA1

7fae544f73f2a8fb7a340a20ec47f76370fbd487
SHA256

431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361
SHA512

5c9c65c99f0c8a5aaa2beac1a0c4304a1cb2ea808eeb6bbe11c2852d6e9fbad8bb68faa5f778848dade617e1c5ee1fb9dae566d7a064b05fdaa30a03019b868f
SSDEEP

24576:UFN0MuPkLGGnOSibw038m26NvoxP9pR3asqdKX+iu+dLP22ALaCET:GWkBSTNqxP9f3aDi+iugT

Score

10^/10

redline rozena1114 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

rozena1114

C2

jalocliche.xyz:81

chardhesha.xyz:81

Attributes

auth_value
9fefd743a3b62bcd7c3e17a70fbdb3a8

Targets

- Target
  
  file.exe
- Size
  
  1.1MB
- MD5
  
  5e7c07b9aa0668fa2971747bb4fade1e
- SHA1
  
  7fae544f73f2a8fb7a340a20ec47f76370fbd487
- SHA256
  
  431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361
- SHA512
  
  5c9c65c99f0c8a5aaa2beac1a0c4304a1cb2ea808eeb6bbe11c2852d6e9fbad8bb68faa5f778848dade617e1c5ee1fb9dae566d7a064b05fdaa30a03019b868f
- SSDEEP
  
  24576:UFN0MuPkLGGnOSibw038m26NvoxP9pR3asqdKX+iu+dLP22ALaCET:GWkBSTNqxP9f3aDi+iugT
Score

10^/10

redline rozena1114 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinerozena1114infostealerspyware