redline | 462bf8a2e19a3e2dd4e5635aa5089e7bdc291d5c5c4665549f64f67abf0b598a | Triage

Submit
Reports

Overview

overview

Static

static

1

New Section 1.one

windows7-x64

4

New Section 1.one

windows10-2004-x64

Resubmissions

30-03-2023 08:10

230330-j2y76adb8v 10

30-03-2023 06:06

230330-gttxcsbb64 10

Sharing

General

Target

New Section 1.one
Size

687KB
Sample

230330-j2y76adb8v
MD5

8ae07041e2b2c7201571f3b9541c3925
SHA1

f2c15ca4740fb2a1c11e8cd55181ba97caae3c77
SHA256

462bf8a2e19a3e2dd4e5635aa5089e7bdc291d5c5c4665549f64f67abf0b598a
SHA512

16643ff70f5b74a8516ad93625db110c6f04f29bb2fdc43009f1f77732e9a51b8d814872ff17598c3a014ebccf41aea396650f2a18a7cd69e83435443ba6e92d
SSDEEP

12288:CIjHiImv+fuHiMRLAlR88CQaAY3MjplVTK57xg/96LxY55W:DjH3+PiMRL98CkY3MrVqSs

Score

10^/10

redline kento infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

New Section 1.one

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Section 1.one

Resource

win10v2004-20230220-en

redline kento infostealer spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kento

C2

172.245.45.213:3235

Attributes

auth_value
25782da22784dd4df09e2caa33275948

Targets

- Target
  
  New Section 1.one
- Size
  
  687KB
- MD5
  
  8ae07041e2b2c7201571f3b9541c3925
- SHA1
  
  f2c15ca4740fb2a1c11e8cd55181ba97caae3c77
- SHA256
  
  462bf8a2e19a3e2dd4e5635aa5089e7bdc291d5c5c4665549f64f67abf0b598a
- SHA512
  
  16643ff70f5b74a8516ad93625db110c6f04f29bb2fdc43009f1f77732e9a51b8d814872ff17598c3a014ebccf41aea396650f2a18a7cd69e83435443ba6e92d
- SSDEEP
  
  12288:CIjHiImv+fuHiMRLAlR88CQaAY3MjplVTK57xg/96LxY55W:DjH3+PiMRL98CkY3MrVqSs
Score

10^/10

redline kento infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinekentoinfostealerspyware

© 2018-2025

Terms | Privacy