redline | 1657d5cdd4103201ca6213c250d433ba39bc9b05fb0097f51de6502456feb4d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

1.6MB
Sample

230109-smbmzsab51
MD5

ad5150bcec261bf10ce708b3126136d1
SHA1

3e8de5e0b43b17627b6bad511ed7c8baa067f609
SHA256

1657d5cdd4103201ca6213c250d433ba39bc9b05fb0097f51de6502456feb4d0
SHA512

67f7338c56b4441d9fe3554093f5b027062fb25b0cae37810e0ef1ed73ba3e8314dca8c6187cc85fe7b8b3c312d4d3ed54d6e77c811b4b95bd96a4c3d31e2c9a
SSDEEP

12288:CWK2LqxWH4YpsfpJW/nklttHxAPrU3pSqclZUyeg0nZ+oB534gSul42C0lYPDshI:CDj0Zez4uwAnbSKd+IbyqosuhgBdQy2

Score

10^/10

redline medi2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Medi2

C2

167.235.156.206:6218

Attributes

auth_value
415e49528666a4468e12b696ddda231f

Targets

- Target
  
  file.exe
- Size
  
  1.6MB
- MD5
  
  ad5150bcec261bf10ce708b3126136d1
- SHA1
  
  3e8de5e0b43b17627b6bad511ed7c8baa067f609
- SHA256
  
  1657d5cdd4103201ca6213c250d433ba39bc9b05fb0097f51de6502456feb4d0
- SHA512
  
  67f7338c56b4441d9fe3554093f5b027062fb25b0cae37810e0ef1ed73ba3e8314dca8c6187cc85fe7b8b3c312d4d3ed54d6e77c811b4b95bd96a4c3d31e2c9a
- SSDEEP
  
  12288:CWK2LqxWH4YpsfpJW/nklttHxAPrU3pSqclZUyeg0nZ+oB534gSul42C0lYPDshI:CDj0Zez4uwAnbSKd+IbyqosuhgBdQy2
Score

10^/10

redline medi2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemedi2infostealerspyware

behavioral2