redline | 9f7b850b2f255a609532c8bac161f2c11dca15133312cb2a3f7a989eca325969 | Triage

Sharing

General

Target

72f39adecf2367944add8e33bbfc5c31.exe
Size

235KB
Sample

230415-s224gsgb4t
MD5

72f39adecf2367944add8e33bbfc5c31
SHA1

a01e04bb87924d6d1b31ac1e6190937ce542b17b
SHA256

9f7b850b2f255a609532c8bac161f2c11dca15133312cb2a3f7a989eca325969
SHA512

b66b8cac51a8a8de0496d8ae011a0e91ce42cf3fade307c1b7a374fb44e0c1e1ba21959610cd0b3f3eae18c7cfa298c19c242a6bfa7fcb09a0a9d72c9ac3a2fb
SSDEEP

6144:+LLrksSYjJanJGtgNiUfUgxZ2K/cSK1IOq:+nBR0nAGNio2sch14

Score

10^/10

redline 1379752987 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1379752987

C2

167.235.158.92:39675

Attributes

auth_value
94039ae8b5b0b9ec5346501cc0139461

Targets

- Target
  
  72f39adecf2367944add8e33bbfc5c31.exe
- Size
  
  235KB
- MD5
  
  72f39adecf2367944add8e33bbfc5c31
- SHA1
  
  a01e04bb87924d6d1b31ac1e6190937ce542b17b
- SHA256
  
  9f7b850b2f255a609532c8bac161f2c11dca15133312cb2a3f7a989eca325969
- SHA512
  
  b66b8cac51a8a8de0496d8ae011a0e91ce42cf3fade307c1b7a374fb44e0c1e1ba21959610cd0b3f3eae18c7cfa298c19c242a6bfa7fcb09a0a9d72c9ac3a2fb
- SSDEEP
  
  6144:+LLrksSYjJanJGtgNiUfUgxZ2K/cSK1IOq:+nBR0nAGNio2sch14
Score

10^/10

redline 1379752987 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline1379752987infostealerspyware