redline | 5889701edea47f9066444e22416768b6ce8161882d9b674bd4ff396a7b6894a3 | Triage

Sharing

General

Target

0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f.zip
Size

3.3MB
Sample

230328-md19dscb5t
MD5

158ecfd6954c8a12e4a57c987ae52743
SHA1

e645681217455432e61fdcca30818bf2dc423777
SHA256

5889701edea47f9066444e22416768b6ce8161882d9b674bd4ff396a7b6894a3
SHA512

c33f65966621c7e2280d84fdd19a59c62bf088b88c14e09559e88f394ef67eb826e6cf4ef1279d170cc294b8d977eec63c5d864c1b41a656424aff54075d2c7c
SSDEEP

98304:JE41SPmXk+yJgWGanXX7WbnHzEWvojLcirrKyQXoN+WgA:BSujWRnXXybT8HyPXoNRgA

Score

10^/10

redline teamshtorm2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

TEAMSHTORM2

C2

89.23.96.71:23288

Attributes

auth_value
72fd180664c5b4a9157fac724352167e

Targets

- Target
  
  0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f
- Size
  
  6.9MB
- MD5
  
  847659c3764c1df0df42572d18d7a665
- SHA1
  
  bbeec55f6d2331c2777e392879e1766a5f5452c9
- SHA256
  
  0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f
- SHA512
  
  b3e3e8e537dc6501640bfba489f40ead6fe4d802ba0889cc82d12e7024dc0171cda5f938b5a91792af519512df4560a6e8ec2c89278132d3e038db00310e3c31
- SSDEEP
  
  49152:bFk1xJD5Wlgqinnm4upZ5oE7tQmLs0CNMMkxQwCmb6ApweeqNpdRPGa3:bi1nnm4uBtLAMDKmbve8dR
Score

10^/10

redline teamshtorm2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineteamshtorm2infostealerspyware

behavioral2

redlineinfostealer