redline | 343e1a1aca9324842d03943b14e0fddf1c527473b719a75b91bf8b3fec0b35d5 | Triage

Sharing

General

Target

343e1a1aca9324842d03943b14e0fddf1c527473b719a75b91bf8b3fec0b35d5
Size

344KB
Sample

230421-qfzp5aff76
MD5

0dd4dc76cd2397234f1823d30ff7f3d4
SHA1

6ccd0bba868cfc56baad2daa4e854e7152453091
SHA256

343e1a1aca9324842d03943b14e0fddf1c527473b719a75b91bf8b3fec0b35d5
SHA512

be0e2b1210b1da12754ee7f2c01570a9c2ffba03361bf60ddff395b27b8d88801f7206fd6fc6fc233e1edaed71b354fe5eb85853d9340f4aa14c07c0abcdb300
SSDEEP

6144:Y1BBK8G2ZNK20bFecpuahoqh1+TcXyctGUzS:YPI8GCNIbFlphho0QTcXyO

Score

10^/10

redline special infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

special

C2

176.123.9.142:14845

Attributes

auth_value
bb28ee957fad348ef1dfce97134849bc

Targets

- Target
  
  343e1a1aca9324842d03943b14e0fddf1c527473b719a75b91bf8b3fec0b35d5
- Size
  
  344KB
- MD5
  
  0dd4dc76cd2397234f1823d30ff7f3d4
- SHA1
  
  6ccd0bba868cfc56baad2daa4e854e7152453091
- SHA256
  
  343e1a1aca9324842d03943b14e0fddf1c527473b719a75b91bf8b3fec0b35d5
- SHA512
  
  be0e2b1210b1da12754ee7f2c01570a9c2ffba03361bf60ddff395b27b8d88801f7206fd6fc6fc233e1edaed71b354fe5eb85853d9340f4aa14c07c0abcdb300
- SSDEEP
  
  6144:Y1BBK8G2ZNK20bFecpuahoqh1+TcXyctGUzS:YPI8GCNIbFlphho0QTcXyO
Score

10^/10

redline special infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinespecialinfostealerspyware