redline | 3b4f1c256654c777aafbb046222f603abc68b893d1153d493c1ad9c505db8503 | Triage

Sharing

General

Target

14ae81efb3075204d1a32a36f15835a6.exe
Size

241KB
Sample

230112-ntewrsfg94
MD5

14ae81efb3075204d1a32a36f15835a6
SHA1

15886b3731063ace4367eba3d304616b3c79ea8b
SHA256

3b4f1c256654c777aafbb046222f603abc68b893d1153d493c1ad9c505db8503
SHA512

30b527cc5b32a63315fc43adc0cb31984475d1fe4024bf119526d3ef3b9292bd5383e64cd30e13e3bcff18152e30f5ba8d2663876743d8193081c57ed5504127
SSDEEP

3072:QDQQMGKPxDte8QpmjHuGfDbT3gubnBLJi16Zzb2JC3:Q0QMNFte/oOAT3jnBLJi16xb2

Score

10^/10

redline 3 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

3

C2

185.242.86.55:37832

Attributes

auth_value
6d2d19febb55544b17de28698fd3b161

Targets

- Target
  
  14ae81efb3075204d1a32a36f15835a6.exe
- Size
  
  241KB
- MD5
  
  14ae81efb3075204d1a32a36f15835a6
- SHA1
  
  15886b3731063ace4367eba3d304616b3c79ea8b
- SHA256
  
  3b4f1c256654c777aafbb046222f603abc68b893d1153d493c1ad9c505db8503
- SHA512
  
  30b527cc5b32a63315fc43adc0cb31984475d1fe4024bf119526d3ef3b9292bd5383e64cd30e13e3bcff18152e30f5ba8d2663876743d8193081c57ed5504127
- SSDEEP
  
  3072:QDQQMGKPxDte8QpmjHuGfDbT3gubnBLJi16Zzb2JC3:Q0QMNFte/oOAT3jnBLJi16xb2
Score

10^/10

redline 3 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3infostealerspyware

behavioral2

redline3infostealerspyware