redline | 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec | Triage

Sharing

General

Target

0671e541dd49a75a51d3190702aa9a61.exe
Size

294KB
Sample

230402-t1cymshc79
MD5

0671e541dd49a75a51d3190702aa9a61
SHA1

4b259b247e91d05518f998c1d2e0f1456b5392b2
SHA256

2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec
SHA512

af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d
SSDEEP

3072:XhVbaRGSFaMmFWFu8RYN2yDc4TqkuqCMisloA4dKfslVBVNovhSxov3xB4XhfxV:y3mFW8bc5jMrloA40fsVVESyvn4l

Score

10^/10

redline 10 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

10

C2

89.22.237.107:24535

Attributes

auth_value
6b5e517291c4d46e2fb551701ebd3f2f

Targets

- Target
  
  0671e541dd49a75a51d3190702aa9a61.exe
- Size
  
  294KB
- MD5
  
  0671e541dd49a75a51d3190702aa9a61
- SHA1
  
  4b259b247e91d05518f998c1d2e0f1456b5392b2
- SHA256
  
  2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec
- SHA512
  
  af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d
- SSDEEP
  
  3072:XhVbaRGSFaMmFWFu8RYN2yDc4TqkuqCMisloA4dKfslVBVNovhSxov3xB4XhfxV:y3mFW8bc5jMrloA40fsVVESyvn4l
Score

10^/10

redline 10 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline10infostealerspyware

behavioral2

redline10infostealerspyware