redline | 41277a31f0af811fa594a9c4aaf9dbbb3155c3dd276f8fa9318f4e7689bfe0ab | Triage

Sharing

General

Target

0671e541dd49a75a51d3190702aa9a61.bin
Size

161KB
Sample

230404-bdvaasdh2w
MD5

f70c4b9156b74fbfd6b4e6e3fcebe3f2
SHA1

a83fdcdae6c006c19fdaae0682bda10ac0306de9
SHA256

41277a31f0af811fa594a9c4aaf9dbbb3155c3dd276f8fa9318f4e7689bfe0ab
SHA512

4f18ae8b7481f14aa6333f4ce78e9703c0412a8725533d1d18c234452aea3c6bd723d08feb48a5e3896a796198d91d9d67a001955e9987f612f0499a8306d141
SSDEEP

3072:huO1mKE6pDX2nY/aHLRT77Wq7lGUyhE5c+Zz0bAVo7fG:huCrEGX2nLH7WBPhE5cAwIOu

Score

10^/10

redline 10 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

10

C2

89.22.237.107:24535

Attributes

auth_value
6b5e517291c4d46e2fb551701ebd3f2f

Targets

- Target
  
  2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec.exe
- Size
  
  294KB
- MD5
  
  0671e541dd49a75a51d3190702aa9a61
- SHA1
  
  4b259b247e91d05518f998c1d2e0f1456b5392b2
- SHA256
  
  2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec
- SHA512
  
  af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d
- SSDEEP
  
  3072:XhVbaRGSFaMmFWFu8RYN2yDc4TqkuqCMisloA4dKfslVBVNovhSxov3xB4XhfxV:y3mFW8bc5jMrloA40fsVVESyvn4l
Score

10^/10

redline 10 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline10infostealerspyware

behavioral2

redline10infostealerspyware