redline | 8d7fea8b9e48293401a56540804b011a2089b25ec4704e88e92f15215ae50e1e | Triage

Sharing

General

Target

Setup.rar
Size

137KB
Sample

230102-qaywmsec46
MD5

a1b2130763e931ebda8070d9f9d9106b
SHA1

a616fc88e9492c6ba7a5dd9ced3dfbdfc04170bc
SHA256

8d7fea8b9e48293401a56540804b011a2089b25ec4704e88e92f15215ae50e1e
SHA512

b34cea9abb11a4ad337c84fe3b7f2f1b3eb9c4c180d1cffbdbed13a5c58b27f33c9091b5dbd7da9b51029f74b401c9f238f60b3ffac57a6714544b6165153ee3
SSDEEP

3072:TLZ9yN/WwnYvUIgxn+mHqASf3IYyzN72vau7SSzD6FTn:TLZgN/Sgx+XQYyzN74SvFL

Score

10^/10

redline 5465669851_99 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

5465669851_99

C2

marooner.top:3306

marooner.top:28786

Attributes

auth_value
0bbd9db0e62de6eb313dea3a39765f5c

Targets

- Target
  
  Setup/Setup.exe
- Size
  
  679.6MB
- MD5
  
  0e6af4159bed3dabbe34defe2ef4af86
- SHA1
  
  22d07f2477d5c9253b217f53a24e7356cdd14ea0
- SHA256
  
  d1f9c27dbac838ce683dee39c65e8bf92580ed1d4b2ee4a24f2f4df8a4ed162e
- SHA512
  
  675669cf63e6a706c33baac64bf12d0994467bcdb16f13e2a3b5e1844ea4cf58a77cfd8262eac09a535b47fe26d7a4e3b67915856676a8057ff7aadc61841c1d
- SSDEEP
  
  3072:Be2SdyvMyQWwZZtspyCIEMyA3rOE6T7HiNBzO:42WyC2pyCxMF3iE6T7Ha
Score

10^/10

redline 5465669851_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline5465669851_99infostealerspyware

behavioral2

redline5465669851_99infostealerspyware