redline | 8ae79bd64f0f7222b4b2130855e80228efa732505718bf2f436927c6315ce8f4 | Triage

Sharing

General

Target

eb36f015654cfb68e986189b29c2b875.exe
Size

214KB
Sample

221230-ld7kqsfc93
MD5

eb36f015654cfb68e986189b29c2b875
SHA1

15f6c5e951aaed2db92f94363ecbee345095dd66
SHA256

8ae79bd64f0f7222b4b2130855e80228efa732505718bf2f436927c6315ce8f4
SHA512

a0434575b1d94e421c35abfb38cc39fea4908719350e2e6249dfbfe3c2a020e609d59fc51d88cc60d25eee234581ed78a8a429fd59161a8c2c7fb678a64ea212
SSDEEP

6144:hCQurTr1TmEgUernVrKVgkXrSkSaFTg/r:hJS/1TmmInNOgCmraFc

Score

10^/10

redline test infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

test

C2

185.215.113.14:4709

Attributes

auth_value
893495d0f145810bbb3a3733603ea9fb

Targets

- Target
  
  eb36f015654cfb68e986189b29c2b875.exe
- Size
  
  214KB
- MD5
  
  eb36f015654cfb68e986189b29c2b875
- SHA1
  
  15f6c5e951aaed2db92f94363ecbee345095dd66
- SHA256
  
  8ae79bd64f0f7222b4b2130855e80228efa732505718bf2f436927c6315ce8f4
- SHA512
  
  a0434575b1d94e421c35abfb38cc39fea4908719350e2e6249dfbfe3c2a020e609d59fc51d88cc60d25eee234581ed78a8a429fd59161a8c2c7fb678a64ea212
- SSDEEP
  
  6144:hCQurTr1TmEgUernVrKVgkXrSkSaFTg/r:hJS/1TmmInNOgCmraFc
Score

10^/10

redline test infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetestinfostealerspyware

behavioral2

redlinetestinfostealerspyware