redline | 28571927ef1ac3a554f4933953e9089167d0f896c78e8a7abf34bddd541f641f | Triage

Sharing

General

Target

28571927ef1ac3a554f4933953e9089167d0f896c78e8a7abf34bddd541f641f
Size

1.1MB
Sample

230419-tktapabg52
MD5

17011725e7f5f634421c0678014b0ef8
SHA1

5056555443682de494c6a86a938a01d7a5278e8c
SHA256

28571927ef1ac3a554f4933953e9089167d0f896c78e8a7abf34bddd541f641f
SHA512

4981c9d10a0019b64c4cc9b09fe1034d8f6a8f73ac5cd610b06417200ca654e592f132e6a8bb5b22bb20c2ae11c9c422073b97db0c29e03cf40e79d7adbf9b52
SSDEEP

12288:RaKg/x3r1zYO86zZJy27u1kmCxDx4I0H:RaKgp7PzflC9IDx43

Score

10^/10

redline 1379752987 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1379752987

C2

167.235.158.92:13190

Attributes

auth_value
94039ae8b5b0b9ec5346501cc0139461

Targets

- Target
  
  28571927ef1ac3a554f4933953e9089167d0f896c78e8a7abf34bddd541f641f
- Size
  
  1.1MB
- MD5
  
  17011725e7f5f634421c0678014b0ef8
- SHA1
  
  5056555443682de494c6a86a938a01d7a5278e8c
- SHA256
  
  28571927ef1ac3a554f4933953e9089167d0f896c78e8a7abf34bddd541f641f
- SHA512
  
  4981c9d10a0019b64c4cc9b09fe1034d8f6a8f73ac5cd610b06417200ca654e592f132e6a8bb5b22bb20c2ae11c9c422073b97db0c29e03cf40e79d7adbf9b52
- SSDEEP
  
  12288:RaKg/x3r1zYO86zZJy27u1kmCxDx4I0H:RaKgp7PzflC9IDx43
Score

10^/10

redline 1379752987 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1379752987infostealerspyware