redline | e22cd3a8e74e1e54cdcb25232b5d7c77c8581df0df866725be0cbddfa48404de | Triage

Sharing

General

Target

file.exe
Size

1.5MB
Sample

230327-s3715aeb25
MD5

22a52fd6cde6f16f8d8a533cab615d69
SHA1

8d650de9ebd4b0d77ef09c271a9e5483874bba30
SHA256

e22cd3a8e74e1e54cdcb25232b5d7c77c8581df0df866725be0cbddfa48404de
SHA512

3bea0d75d1c1da0a47dbe8c7051a4065138eae195926d543119b4e8a70c1f11acc2aa93a03bd46bb7c0a506af0e7b7ecb5eea762734cb9778e1870df4849938c
SSDEEP

6144:2n9R71FvLHFla0OR/AOOp/QP/ojxzPPkq7n+UG39P:2n9R71FO8W59P

Score

10^/10

redline @ahshar12345 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@Ahshar12345

C2

185.244.181.112:48240

Attributes

auth_value
8bf7e8c04562e2858987a43cd0ad10df

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  22a52fd6cde6f16f8d8a533cab615d69
- SHA1
  
  8d650de9ebd4b0d77ef09c271a9e5483874bba30
- SHA256
  
  e22cd3a8e74e1e54cdcb25232b5d7c77c8581df0df866725be0cbddfa48404de
- SHA512
  
  3bea0d75d1c1da0a47dbe8c7051a4065138eae195926d543119b4e8a70c1f11acc2aa93a03bd46bb7c0a506af0e7b7ecb5eea762734cb9778e1870df4849938c
- SSDEEP
  
  6144:2n9R71FvLHFla0OR/AOOp/QP/ojxzPPkq7n+UG39P:2n9R71FO8W59P
Score

10^/10

redline @ahshar12345 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@ahshar12345infostealerspyware

behavioral2

redline@ahshar12345infostealerspyware