redline | a3e14c8ced3917bb9ea25ad0ac3c9f87369d9d16348e028ee20b770d1e44fa9e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

261KB
Sample

230321-bfbwqsgb44
MD5

20704669f05ba30af8912916f8a2cc1a
SHA1

b5e1c88e3e98adb62909516aa406358c96a9a4ac
SHA256

a3e14c8ced3917bb9ea25ad0ac3c9f87369d9d16348e028ee20b770d1e44fa9e
SHA512

171d1321c586eced931bc6d4ede2d08e18cff56f504bab589679f286ac46f7267f92eef292e2c49ae275f7d6affd6da3ea055fd26ee70c018525c2bf0ddd7b5e
SSDEEP

3072:nwUEID31U40ByGrwB9CfxLR7hh711VsZv0HEn3a8+JkMKt87QxvFPt0HKqCJxIxB:wU5lUFjwB9CfxNhh11V4+9ExFeHKO

Score

10^/10

redline personallive7777 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

personallive7777

C2

176.123.9.142:14845

Attributes

auth_value
a22f8b4d4790a36aad8ac8f9e1a5cca0

Targets

- Target
  
  file
- Size
  
  261KB
- MD5
  
  20704669f05ba30af8912916f8a2cc1a
- SHA1
  
  b5e1c88e3e98adb62909516aa406358c96a9a4ac
- SHA256
  
  a3e14c8ced3917bb9ea25ad0ac3c9f87369d9d16348e028ee20b770d1e44fa9e
- SHA512
  
  171d1321c586eced931bc6d4ede2d08e18cff56f504bab589679f286ac46f7267f92eef292e2c49ae275f7d6affd6da3ea055fd26ee70c018525c2bf0ddd7b5e
- SSDEEP
  
  3072:nwUEID31U40ByGrwB9CfxLR7hh711VsZv0HEn3a8+JkMKt87QxvFPt0HKqCJxIxB:wU5lUFjwB9CfxNhh11V4+9ExFeHKO
Score

10^/10

redline personallive7777 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepersonallive7777infostealerspyware

behavioral2

redlinepersonallive7777infostealerspyware