redline | 458d2e1bc2bb46bd5610bf3faa5d48f3718ad72174d7da25c12ccdf8ff7e0570 | Triage

Sharing

General

Target

90b902a384f7b3da868569a30cbebf140a895fcf028653dfbfb90f5fa6d0d21e.exe.vir
Size

4.2MB
Sample

221202-dkdbgagc68
MD5

0893aeeca2f3b788f3281b40f432ea87
SHA1

ee329d6690fa9083926f47467c6f4b5699409247
SHA256

458d2e1bc2bb46bd5610bf3faa5d48f3718ad72174d7da25c12ccdf8ff7e0570
SHA512

f524fc78f422782abd90daa549169ec7e65f162a249da794ab22884f66d39ca6955b8224f0e1432c290d562affff52f1e02cbac267ca7a74b1ec59b1540eece9
SSDEEP

98304:S+W2tgj7eiP1+bzgJyM4sYXCl6fMX2hs/4Tq9KLz63g:SStgmq1og8AkC4fMlQ

Score

10^/10

redline pro infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pro

C2

79.137.199.206:45354

Attributes

auth_value
e20e8d1492a37ff0cfab3cd3f6c60362

Targets

- Target
  
  90b902a384f7b3da868569a30cbebf140a895fcf028653dfbfb90f5fa6d0d21e.exe.vir
- Size
  
  4.2MB
- MD5
  
  0893aeeca2f3b788f3281b40f432ea87
- SHA1
  
  ee329d6690fa9083926f47467c6f4b5699409247
- SHA256
  
  458d2e1bc2bb46bd5610bf3faa5d48f3718ad72174d7da25c12ccdf8ff7e0570
- SHA512
  
  f524fc78f422782abd90daa549169ec7e65f162a249da794ab22884f66d39ca6955b8224f0e1432c290d562affff52f1e02cbac267ca7a74b1ec59b1540eece9
- SSDEEP
  
  98304:S+W2tgj7eiP1+bzgJyM4sYXCl6fMX2hs/4Tq9KLz63g:SStgmq1og8AkC4fMlQ
Score

10^/10

redline pro infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineproinfostealerspyware

behavioral2

redlineproinfostealerspyware