redline | 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8 | Triage

Sharing

General

Target

6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
Size

261KB
Sample

230320-bgnlxsba43
MD5

d4dc65ad800c813f2620480ea13465c8
SHA1

706b23422f53bf4b77145621d537084686b1a84a
SHA256

6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
SHA512

a9500576f848ef86a522f19ac9b7b3cdacc2e03b38a188ef13afa11b48cd12af9f23dc838f1cfed2bf1e7b3d82a7cfdcf6e83add97191ede5a8a8011424f5608
SSDEEP

3072:BQdvD31Z02yTrCF9Cfvw75RatnY1X5EHKn3aMZU8aC1arKkeY0YvFPtftqtyJxI/:BQtFKvCF9CfveRwnAAkZy8aeYFBtM

Score

10^/10

redline build_main infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

build_main

C2

80.85.156.168:20189

Attributes

auth_value
5e5c9cacc6d168f8ade7fb6419edb114

Targets

- Target
  
  6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
- Size
  
  261KB
- MD5
  
  d4dc65ad800c813f2620480ea13465c8
- SHA1
  
  706b23422f53bf4b77145621d537084686b1a84a
- SHA256
  
  6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
- SHA512
  
  a9500576f848ef86a522f19ac9b7b3cdacc2e03b38a188ef13afa11b48cd12af9f23dc838f1cfed2bf1e7b3d82a7cfdcf6e83add97191ede5a8a8011424f5608
- SSDEEP
  
  3072:BQdvD31Z02yTrCF9Cfvw75RatnY1X5EHKn3aMZU8aC1arKkeY0YvFPtftqtyJxI/:BQtFKvCF9CfveRwnAAkZy8aeYFBtM
Score

10^/10

redline build_main infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinebuild_maininfostealerspyware

behavioral2

redlinebuild_maininfostealerspyware