redline | b67148279cb0eccef45564104edd28528895706d8f15fc9a806387f5bcc8752f | Triage

Sharing

General

Target

b67148279cb0eccef45564104edd28528895706d8f15f.exe
Size

276KB
Sample

230116-elscfsch5t
MD5

972f7adfdb8698188f4823ab492a57fa
SHA1

5c2b3d50742dddbffbb1c568104805beb9001d65
SHA256

b67148279cb0eccef45564104edd28528895706d8f15fc9a806387f5bcc8752f
SHA512

2da2e73cab249853078d7d35a24806b1c15112ad976329ca3fe7bf16c84ad6614070e7163b6a614193cb91924463a2eadd4a8f98544048b6b2229b4a4b8bed3a
SSDEEP

6144:ExoZEhkyxrgb6rV4Vnsc5xxNMMbVaT5hYovGINYO:vZEj06rV3cXcT5hHR

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
b6c86adb7106e9ee7247628f59e06830

Targets

- Target
  
  b67148279cb0eccef45564104edd28528895706d8f15f.exe
- Size
  
  276KB
- MD5
  
  972f7adfdb8698188f4823ab492a57fa
- SHA1
  
  5c2b3d50742dddbffbb1c568104805beb9001d65
- SHA256
  
  b67148279cb0eccef45564104edd28528895706d8f15fc9a806387f5bcc8752f
- SHA512
  
  2da2e73cab249853078d7d35a24806b1c15112ad976329ca3fe7bf16c84ad6614070e7163b6a614193cb91924463a2eadd4a8f98544048b6b2229b4a4b8bed3a
- SSDEEP
  
  6144:ExoZEhkyxrgb6rV4Vnsc5xxNMMbVaT5hYovGINYO:vZEj06rV3cXcT5hHR
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1infostealerspyware

behavioral2

redline1infostealerspyware