redline | 5331428611e6a398284611837de8d995d012abbc444f69acfdfb370ef6655f88 | Triage

Sharing

General

Target

5331428611e6a398284611837de8d995d012abbc444f69acfdfb370ef6655f88
Size

3.7MB
Sample

230124-mr9spaca8v
MD5

c45975c51ac3505646133f98f1c62bca
SHA1

47380c1e4c08ea9d3a80c849e18d4af5c79753e3
SHA256

5331428611e6a398284611837de8d995d012abbc444f69acfdfb370ef6655f88
SHA512

fa8a3642cd9c0df1695947ba8016afd688f432d12075f33138a1015ed3e1767a36ae604d2b6e8f115497df0645bd70bc03f8fe22379dc9c454cba0d8440edb8e
SSDEEP

98304:l5V+XL/9v+YT5sUZI3VX6L9Ji5R3RsuznwhxkiC:bQb9v+m5aVy9Jixsu0xK

Score

10^/10

redline st1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

st1

C2

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
a7232a45d6034ee2454fc434093d8f12

Targets

- Target
  
  5331428611e6a398284611837de8d995d012abbc444f69acfdfb370ef6655f88
- Size
  
  3.7MB
- MD5
  
  c45975c51ac3505646133f98f1c62bca
- SHA1
  
  47380c1e4c08ea9d3a80c849e18d4af5c79753e3
- SHA256
  
  5331428611e6a398284611837de8d995d012abbc444f69acfdfb370ef6655f88
- SHA512
  
  fa8a3642cd9c0df1695947ba8016afd688f432d12075f33138a1015ed3e1767a36ae604d2b6e8f115497df0645bd70bc03f8fe22379dc9c454cba0d8440edb8e
- SSDEEP
  
  98304:l5V+XL/9v+YT5sUZI3VX6L9Ji5R3RsuznwhxkiC:bQb9v+m5aVy9Jixsu0xK
Score

10^/10

redline st1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinest1infostealerspyware