redline | d54ec40b3a2a28490b3b22f06fe20227012dccd02d43fb6a6cb6977c3f5d4699 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d54ec40b3a2a28490b3b22f06fe20227012dccd02d43fb6a6cb6977c3f5d4699
Size

1.1MB
Sample

230422-et2absec5w
MD5

e35b6184841a56437eead69769c86b51
SHA1

827683446890a5050ae488460f73a069d9d47141
SHA256

d54ec40b3a2a28490b3b22f06fe20227012dccd02d43fb6a6cb6977c3f5d4699
SHA512

e651e77c1e4bcda1be803109e55021c8054a25677d0b61a9b06ff727a9accceff570bdaf849598abbe4223a57de38dd58ba634a066319e89c633395ac54b6f79
SSDEEP

6144:Ui6s2azhTdW2B/AOI4yGc8QjPYTWAkXyCLwsBKDvGm8KkbEO:Ui6s2UPcGXQjPYTOxBK7G6kbEO

Score

10^/10

redline am2104 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

am2104

C2

89.22.233.20:36696

Attributes

auth_value
0b8ed6035d6bae6bab134c90de8c2b86

Targets

- Target
  
  d54ec40b3a2a28490b3b22f06fe20227012dccd02d43fb6a6cb6977c3f5d4699
- Size
  
  1.1MB
- MD5
  
  e35b6184841a56437eead69769c86b51
- SHA1
  
  827683446890a5050ae488460f73a069d9d47141
- SHA256
  
  d54ec40b3a2a28490b3b22f06fe20227012dccd02d43fb6a6cb6977c3f5d4699
- SHA512
  
  e651e77c1e4bcda1be803109e55021c8054a25677d0b61a9b06ff727a9accceff570bdaf849598abbe4223a57de38dd58ba634a066319e89c633395ac54b6f79
- SSDEEP
  
  6144:Ui6s2azhTdW2B/AOI4yGc8QjPYTWAkXyCLwsBKDvGm8KkbEO:Ui6s2UPcGXQjPYTOxBK7G6kbEO
Score

10^/10

redline am2104 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineam2104infostealerspyware

behavioral2

redlineam2104infostealerspyware