redline | 1ea03ff28b0d298df3ce81e3b849edf165ef6896f2b052397e47bca35febb006 | Triage

Sharing

General

Target

file.exe
Size

508KB
Sample

221212-twc3vaee8v
MD5

f77fcc813cc54fc9c2e3e652bfb84071
SHA1

5e619c4acbbbb1eb8f79faa48304eb8b09196294
SHA256

1ea03ff28b0d298df3ce81e3b849edf165ef6896f2b052397e47bca35febb006
SHA512

33d46d5e2a522f24fdb67fa5ecb8d2acceb0eca9809ac506baf691107fbe6d4a2dc4e090af9066d01b07eb389a6bf57d147eb3d07450191cd51df9dfb059d9e3
SSDEEP

12288:UtAOlF5pcjveuL0+m/UUHoiwvBSocsvyromDt1is2SkUau:UthX6hsnHAvBPvyromDt1dku

Score

10^/10

redline install infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

manddarinn.art:81

Attributes

auth_value
f9affed97251c08e7a096257ba9edfb2

Targets

- Target
  
  file.exe
- Size
  
  508KB
- MD5
  
  f77fcc813cc54fc9c2e3e652bfb84071
- SHA1
  
  5e619c4acbbbb1eb8f79faa48304eb8b09196294
- SHA256
  
  1ea03ff28b0d298df3ce81e3b849edf165ef6896f2b052397e47bca35febb006
- SHA512
  
  33d46d5e2a522f24fdb67fa5ecb8d2acceb0eca9809ac506baf691107fbe6d4a2dc4e090af9066d01b07eb389a6bf57d147eb3d07450191cd51df9dfb059d9e3
- SSDEEP
  
  12288:UtAOlF5pcjveuL0+m/UUHoiwvBSocsvyromDt1is2SkUau:UthX6hsnHAvBPvyromDt1dku
Score

10^/10

redline install infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinstallinfostealerspyware

behavioral2

redlineinstallinfostealerspyware