redline | 701e71b008f60ce7169b9ca046cf12ed79ff47942ac2443eeab1751b3f169fca | Triage

Sharing

General

Target

file.exe
Size

7.9MB
Sample

221204-ymhzysef5w
MD5

63cc611c54ebf90806061d94dfb7e1a8
SHA1

d70382bb56bdf63ff19ac01c8c25800467198938
SHA256

701e71b008f60ce7169b9ca046cf12ed79ff47942ac2443eeab1751b3f169fca
SHA512

f3aa77a78dcf295fc259cffbd31625c3f0deb2a270a94a4bd6a6da4922201a4d30c304a15e6703f5a61ad49390060d54e68210cb2431c497738bc44572909a9f
SSDEEP

49152:WLJq4qjSk3nx+bnFOlsdBg/0C8vJrdw9ZoEan:WLJq4qjSk3nx+bnp4/+vEan

Score

10^/10

redline install infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

manddarinn.art:81

Attributes

auth_value
f9affed97251c08e7a096257ba9edfb2

Targets

- Target
  
  file.exe
- Size
  
  7.9MB
- MD5
  
  63cc611c54ebf90806061d94dfb7e1a8
- SHA1
  
  d70382bb56bdf63ff19ac01c8c25800467198938
- SHA256
  
  701e71b008f60ce7169b9ca046cf12ed79ff47942ac2443eeab1751b3f169fca
- SHA512
  
  f3aa77a78dcf295fc259cffbd31625c3f0deb2a270a94a4bd6a6da4922201a4d30c304a15e6703f5a61ad49390060d54e68210cb2431c497738bc44572909a9f
- SSDEEP
  
  49152:WLJq4qjSk3nx+bnFOlsdBg/0C8vJrdw9ZoEan:WLJq4qjSk3nx+bnp4/+vEan
Score

10^/10

redline install infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlineinstallinfostealerspyware