redline | cd63b5143bd299d08ec3f39f7dca0a04d18eb6e7628a80a1fd6ed6d2f51ce79e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EagleEye Spoofer.exe
Size

259KB
Sample

230324-fhkzmsed21
MD5

2c2bd5c71a49d544c77d12ad7d7191c5
SHA1

5919b836653b0640e9a221bb320bef69858058e0
SHA256

cd63b5143bd299d08ec3f39f7dca0a04d18eb6e7628a80a1fd6ed6d2f51ce79e
SHA512

9dec5547053f48e27c869399dbc17fbd4707381857106e6ab4df3f3b241bfccd26683112b1a9380bb1eecccde97757518b12ba6533ed91248e37e7a9c011a98a
SSDEEP

3072:KodRR9RgRJy2IueBzR+whP/OEMOeimE73AZhr0j1fUkqWFvZjN7lNVphGQMW4nwN:KCR9RgW2wVTMpSJxxZxl5h0jnMd

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

82.115.223.46:57672

Attributes

auth_value
18258fd5b91c009abc13fd6b7dd81f3e

Targets

- Target
  
  EagleEye Spoofer.exe
- Size
  
  259KB
- MD5
  
  2c2bd5c71a49d544c77d12ad7d7191c5
- SHA1
  
  5919b836653b0640e9a221bb320bef69858058e0
- SHA256
  
  cd63b5143bd299d08ec3f39f7dca0a04d18eb6e7628a80a1fd6ed6d2f51ce79e
- SHA512
  
  9dec5547053f48e27c869399dbc17fbd4707381857106e6ab4df3f3b241bfccd26683112b1a9380bb1eecccde97757518b12ba6533ed91248e37e7a9c011a98a
- SSDEEP
  
  3072:KodRR9RgRJy2IueBzR+whP/OEMOeimE73AZhr0j1fUkqWFvZjN7lNVphGQMW4nwN:KCR9RgW2wVTMpSJxxZxl5h0jnMd
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware