redline | bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098 | Triage

Sharing

General

Target

a45e6fa02ca2dbeeb23d6fff96436a97.exe
Size

3.7MB
Sample

230123-xzd14age81
MD5

a45e6fa02ca2dbeeb23d6fff96436a97
SHA1

61ffee4cb8d28ca05b20076a5ba92aff99449ba7
SHA256

bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098
SHA512

aface0a7bd84fb503358087b27d891b6bac48f7d56c4e94dbd4cd4ad350ac3891e0180fb2a4cf76a516d753c9e5c12daea3b038c517cbf8268b7887a003f0707
SSDEEP

98304:sBuzuXKMr2WYU68OdYIebQ4kUny6yuuhk6R1J3bj+:h63TO8K6ypk6fRby

Score

10^/10

redline st1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

st1

C2

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
a7232a45d6034ee2454fc434093d8f12

Targets

- Target
  
  a45e6fa02ca2dbeeb23d6fff96436a97.exe
- Size
  
  3.7MB
- MD5
  
  a45e6fa02ca2dbeeb23d6fff96436a97
- SHA1
  
  61ffee4cb8d28ca05b20076a5ba92aff99449ba7
- SHA256
  
  bea9789e908b6a46592f963e652a858dde0a109de997819affc4b77cbc336098
- SHA512
  
  aface0a7bd84fb503358087b27d891b6bac48f7d56c4e94dbd4cd4ad350ac3891e0180fb2a4cf76a516d753c9e5c12daea3b038c517cbf8268b7887a003f0707
- SSDEEP
  
  98304:sBuzuXKMr2WYU68OdYIebQ4kUny6yuuhk6R1J3bj+:h63TO8K6ypk6fRby
Score

10^/10

redline st1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinest1infostealer

behavioral2

redlinest1infostealerspyware