redline | 5fee060bb26c37da4d1205d84d457ed8513e59987a41a0ad094451f4ff14e4d8 | Triage

Sharing

General

Target

file.exe
Size

1.4MB
Sample

230125-pjbl2ahf21
MD5

58768775fb249bfb2aa735b56d3a1fec
SHA1

efcede7f10c967a247d00f88404101475158f161
SHA256

5fee060bb26c37da4d1205d84d457ed8513e59987a41a0ad094451f4ff14e4d8
SHA512

21557d094db1a34ef105fae71c890002df6367d57d72a55c0ebe6b05479d9433e1d3d2d54530c21c3b303e720acc6aed7368de79fb75c457ea2189db8b08ec33
SSDEEP

24576:SeUtDZymgB2iuW3dBTn1H+OuznaXlEiSoMgFLo3dDGe02VWr2lHMhxqqipo:pUbCoKdBT1eOuzaXlEi8uX57sHMIq/

Score

10^/10

redline torrentold infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

TORRENTOLD

C2

amrican-sport-live-stream.cc:4581

Attributes

auth_value
74e1b58bf920611f04c0e3919954fe05

Targets

- Target
  
  file.exe
- Size
  
  1.4MB
- MD5
  
  58768775fb249bfb2aa735b56d3a1fec
- SHA1
  
  efcede7f10c967a247d00f88404101475158f161
- SHA256
  
  5fee060bb26c37da4d1205d84d457ed8513e59987a41a0ad094451f4ff14e4d8
- SHA512
  
  21557d094db1a34ef105fae71c890002df6367d57d72a55c0ebe6b05479d9433e1d3d2d54530c21c3b303e720acc6aed7368de79fb75c457ea2189db8b08ec33
- SSDEEP
  
  24576:SeUtDZymgB2iuW3dBTn1H+OuznaXlEiSoMgFLo3dDGe02VWr2lHMhxqqipo:pUbCoKdBT1eOuzaXlEi8uX57sHMIq/
Score

10^/10

redline torrentold infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetorrentoldinfostealerspyware

behavioral2

redlinetorrentoldinfostealerspyware