redline | 9d349a85859fede2540d74d39ea7a84f14a99ef38657ffe696ac999f8949fe0d | Triage

Sharing

General

Target

4be4fa96fca0882f20c11f0e5217486b.bin
Size

129KB
Sample

230225-bk29gsbd7z
MD5

17d1bc30e59a25146f8d9294d67355b4
SHA1

8b17f25dc0b9f3d57186462a6e9d8568594028f4
SHA256

9d349a85859fede2540d74d39ea7a84f14a99ef38657ffe696ac999f8949fe0d
SHA512

f380b72b70fe77fff09684988f1481e70f518c86818aaeb20cfada06b94a9512a6f1626a7d83b89f97cb7ae9ed74002ab231919004bb0a15d0dfaa544447e175
SSDEEP

3072:YY6cjlFfcmAPtOGnhriYcojUodZ9ZN4xV6s50694bxn:B607fHANMmjUM3anhqb5

Score

10^/10

redline sup infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Sup

C2

45.15.156.223:42971

Attributes

auth_value
472a180e669f28c84ebddeebf18234c8

Targets

- Target
  
  94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a.exe
- Size
  
  251KB
- MD5
  
  4be4fa96fca0882f20c11f0e5217486b
- SHA1
  
  e5f16d07a554a1c2a4482a84b058f73cb9e757c7
- SHA256
  
  94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a
- SHA512
  
  f7d2f3f37aa840a5402be801239f15855892a48bf9eca998e8c459da83e52fd6e8b68e066d3657936ea1022a0a381e4b9800d7adb75756ece22be4fb3da27635
- SSDEEP
  
  6144:GGCY4I6GKyqr9YGzoUQbTmvYcR+C+eEO7wO:GGCY949YGW4R+CBE8
Score

10^/10

redline sup infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesupinfostealerspyware

behavioral2

redlinesupinfostealerspyware