redline | 1c624915c8c7c82d436f0c5480fb8850d8fbb4c195e56d78d9ba438aa2f2305e | Triage

Sharing

General

Target

Battle Seekers Launcher (Beta).exe
Size

4.1MB
Sample

221206-vvt6eage67
MD5

4881b2c1686d3fbb733ce0491f679a9c
SHA1

e4b5dca72da311237653818289518e5925344f09
SHA256

1c624915c8c7c82d436f0c5480fb8850d8fbb4c195e56d78d9ba438aa2f2305e
SHA512

707cf68396c00832ba2ae6249d90a392fb8b2e0fda1eab67520e8bb9baff76b4c6e9415259b5c1f454bdd907e1ab1b3fc9ebfe0d3ede1ad39acec24a3179563b
SSDEEP

98304:36a6T13ABtnyEZMkEPVcQFU1ko0zPrltOC4tihb:L6T13AHnyMMV9cskkBPb4tih

Score

10^/10

redline xmas infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

xmas

C2

79.137.199.206:45354

Attributes

auth_value
47dd71225cb3a0a92188486269819009

Targets

- Target
  
  Battle Seekers Launcher (Beta).exe
- Size
  
  4.1MB
- MD5
  
  4881b2c1686d3fbb733ce0491f679a9c
- SHA1
  
  e4b5dca72da311237653818289518e5925344f09
- SHA256
  
  1c624915c8c7c82d436f0c5480fb8850d8fbb4c195e56d78d9ba438aa2f2305e
- SHA512
  
  707cf68396c00832ba2ae6249d90a392fb8b2e0fda1eab67520e8bb9baff76b4c6e9415259b5c1f454bdd907e1ab1b3fc9ebfe0d3ede1ad39acec24a3179563b
- SSDEEP
  
  98304:36a6T13ABtnyEZMkEPVcQFU1ko0zPrltOC4tihb:L6T13AHnyMMV9cskkBPb4tih
Score

10^/10

redline xmas infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexmasinfostealerspyware

behavioral2

redlinexmasinfostealer