redline | b708e7bd7a6aa2a217b89fbeb9faa15f9eb620a36e7e12ea820b26249d1b3dda | Triage

Sharing

General

Target

1a052ec0f7d517e57d985af90cebb4ff3cec8b56
Size

261KB
Sample

230102-pvw24shc5s
MD5

90adabace0ebc07b3d7aad1ca388198c
SHA1

1a052ec0f7d517e57d985af90cebb4ff3cec8b56
SHA256

b708e7bd7a6aa2a217b89fbeb9faa15f9eb620a36e7e12ea820b26249d1b3dda
SHA512

aab278f4e4684b42ed7c2efca64e597a213c9fa7b170fe585e11f1d0d46836ba7643ecebaaa215243b405014e9d49f39254fc7a55b1cb68d5ba36b1f1fc1e80d
SSDEEP

6144:QKL9ysoWI3xpQnlJK30ll9VaV2QTOqQmbY/PGkk:QmylxpClgK9cXSlC4+

Score

10^/10

redline @flomast infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@flomast

C2

82.115.223.138:35316

Attributes

auth_value
f81873a4b6883da83f3937093ca68161

Targets

- Target
  
  1a052ec0f7d517e57d985af90cebb4ff3cec8b56
- Size
  
  261KB
- MD5
  
  90adabace0ebc07b3d7aad1ca388198c
- SHA1
  
  1a052ec0f7d517e57d985af90cebb4ff3cec8b56
- SHA256
  
  b708e7bd7a6aa2a217b89fbeb9faa15f9eb620a36e7e12ea820b26249d1b3dda
- SHA512
  
  aab278f4e4684b42ed7c2efca64e597a213c9fa7b170fe585e11f1d0d46836ba7643ecebaaa215243b405014e9d49f39254fc7a55b1cb68d5ba36b1f1fc1e80d
- SSDEEP
  
  6144:QKL9ysoWI3xpQnlJK30ll9VaV2QTOqQmbY/PGkk:QmylxpClgK9cXSlC4+
Score

10^/10

redline @flomast infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@flomastinfostealerspyware

behavioral2

redline@flomastinfostealerspyware