redline | 4c7246951166a11ba0ed2577de2949f1226b606d1c9a64e4a063e84e2e1def1e | Triage

Sharing

General

Target

802bd614cedfd9dc9bee28bc6d3a45e8.exe
Size

2.1MB
Sample

230121-dwxt9aad96
MD5

802bd614cedfd9dc9bee28bc6d3a45e8
SHA1

3c750bf34a87f59a26d46a05e174b7609ea38e62
SHA256

4c7246951166a11ba0ed2577de2949f1226b606d1c9a64e4a063e84e2e1def1e
SHA512

2b0ca049bdc3cbd8cdd256c3e9a52d68b8eb9022209fd4cdea2fb09a694c14ffc853b38c4194fef532e64586f686818e4ec6a5cd7cfa6f2e392186d1f2bb72ee
SSDEEP

6144:6foea8KXZ29zmDrQ/fzX5BzML0trXSnMwIOb3IWOdn13:6dbMsUwBWSrXSnMwIyd213

Score

10^/10

redline 13 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

13

C2

194.87.199.66:8644

Attributes

auth_value
fda50e7057988ab2816c22a840c24dab

Targets

- Target
  
  802bd614cedfd9dc9bee28bc6d3a45e8.exe
- Size
  
  2.1MB
- MD5
  
  802bd614cedfd9dc9bee28bc6d3a45e8
- SHA1
  
  3c750bf34a87f59a26d46a05e174b7609ea38e62
- SHA256
  
  4c7246951166a11ba0ed2577de2949f1226b606d1c9a64e4a063e84e2e1def1e
- SHA512
  
  2b0ca049bdc3cbd8cdd256c3e9a52d68b8eb9022209fd4cdea2fb09a694c14ffc853b38c4194fef532e64586f686818e4ec6a5cd7cfa6f2e392186d1f2bb72ee
- SSDEEP
  
  6144:6foea8KXZ29zmDrQ/fzX5BzML0trXSnMwIOb3IWOdn13:6dbMsUwBWSrXSnMwIyd213
Score

10^/10

redline 13 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline13infostealerspyware

behavioral2

redline13infostealerspyware