redline | 9477b309c3faadec88e657fc58dd985a0cc00b05c214d97d5f00291bd068b640 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9477B309C3FAADEC88E657FC58DD985A0CC00B05C214D.exe
Size

276KB
Sample

230311-tn1h6sad72
MD5

2aa86eed5d987429daa223bf092948a8
SHA1

00061f0fe50a0f2c53804729acebe30e18d2e3b0
SHA256

9477b309c3faadec88e657fc58dd985a0cc00b05c214d97d5f00291bd068b640
SHA512

ca0e93759d665cafdd371ae53cb36bd8874bdae6c7539b3b83d2fbb72c99687075aec06774748d686a595448111c5e6312446694426a042ca080dba1318a1366
SSDEEP

6144:DxoZEhkyxr9b601o8aicvq9SNPzbVaT5hYovGINFO:eZEjf601tc9LcT5hHe

Score

10^/10

redline @averdar infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@Averdar

C2

ofriaransim.shop:80

Attributes

auth_value
02fe29446a25eec014e04c956ccfdcfc

Targets

- Target
  
  9477B309C3FAADEC88E657FC58DD985A0CC00B05C214D.exe
- Size
  
  276KB
- MD5
  
  2aa86eed5d987429daa223bf092948a8
- SHA1
  
  00061f0fe50a0f2c53804729acebe30e18d2e3b0
- SHA256
  
  9477b309c3faadec88e657fc58dd985a0cc00b05c214d97d5f00291bd068b640
- SHA512
  
  ca0e93759d665cafdd371ae53cb36bd8874bdae6c7539b3b83d2fbb72c99687075aec06774748d686a595448111c5e6312446694426a042ca080dba1318a1366
- SSDEEP
  
  6144:DxoZEhkyxr9b601o8aicvq9SNPzbVaT5hYovGINFO:eZEjf601tc9LcT5hHe
Score

10^/10

redline @averdar infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@averdarinfostealerspyware

behavioral2

redline@averdarinfostealerspyware