redline | 31f6dc2489aabbce556c7d27e1cc4e752acef6661d810b8863a130f9b65e66c7 | Triage

Sharing

General

Target

file.exe
Size

1.3MB
Sample

230427-jcykbsed45
MD5

c9fc671394f808838d4c748a1c12f08b
SHA1

51baaa7ba4a3ef8a550a43bc5f251d8edf4757c3
SHA256

31f6dc2489aabbce556c7d27e1cc4e752acef6661d810b8863a130f9b65e66c7
SHA512

4330881077eb71081f37a915ea85667c387917f412b8b2fea0189159204801ec05fa3497f7f535028938c909623f6b45a5e35194e5e3cfc5643ef145571e756f
SSDEEP

12288:LroPentg4fY0pnjGv3zJzaOFKbi/qg5KZ:fCUg4uz5vF8iygAZ

Score

10^/10

redline special infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

special

C2

176.123.9.142:14845

Attributes

auth_value
bb28ee957fad348ef1dfce97134849bc

Targets

- Target
  
  file.exe
- Size
  
  1.3MB
- MD5
  
  c9fc671394f808838d4c748a1c12f08b
- SHA1
  
  51baaa7ba4a3ef8a550a43bc5f251d8edf4757c3
- SHA256
  
  31f6dc2489aabbce556c7d27e1cc4e752acef6661d810b8863a130f9b65e66c7
- SHA512
  
  4330881077eb71081f37a915ea85667c387917f412b8b2fea0189159204801ec05fa3497f7f535028938c909623f6b45a5e35194e5e3cfc5643ef145571e756f
- SSDEEP
  
  12288:LroPentg4fY0pnjGv3zJzaOFKbi/qg5KZ:fCUg4uz5vF8iygAZ
Score

10^/10

redline special infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinespecialinfostealerspyware

behavioral2

redlinespecialinfostealerspyware