redline | a44ee9b6798df416a1186c178f7aa03c29bc912792cfab520f35486be3afd6bc | Triage

Sharing

General

Target

a568121c4b1c4b36b77ef499167b265f.exe
Size

1.4MB
Sample

230429-cszn1ahc82
MD5

a568121c4b1c4b36b77ef499167b265f
SHA1

92af7c91cedcdcd39b3ae2c8a2430b4789f3a90e
SHA256

a44ee9b6798df416a1186c178f7aa03c29bc912792cfab520f35486be3afd6bc
SHA512

dc73d4437a34f05178c3b28f80247d6d77e5171c60b554b626c09fb2c49b0e379f7f60b2d057e13027836d4cc605344f89988881737a5f39949205809f896bef
SSDEEP

24576:4tj4/Bk1qWa5ypygsQks5KkemsHikXWvSOcOxVjKX4oSpckFmgiddd+ADb:4tj4/BAqWVtnks5KkemINXWvSlOxQX4G

Score

10^/10

redline m2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

m2

C2

80.85.157.78:38561

Attributes

auth_value
6e2d096364fb8cafaa57bb78f353a4da

Targets

- Target
  
  a568121c4b1c4b36b77ef499167b265f.exe
- Size
  
  1.4MB
- MD5
  
  a568121c4b1c4b36b77ef499167b265f
- SHA1
  
  92af7c91cedcdcd39b3ae2c8a2430b4789f3a90e
- SHA256
  
  a44ee9b6798df416a1186c178f7aa03c29bc912792cfab520f35486be3afd6bc
- SHA512
  
  dc73d4437a34f05178c3b28f80247d6d77e5171c60b554b626c09fb2c49b0e379f7f60b2d057e13027836d4cc605344f89988881737a5f39949205809f896bef
- SSDEEP
  
  24576:4tj4/Bk1qWa5ypygsQks5KkemsHikXWvSOcOxVjKX4oSpckFmgiddd+ADb:4tj4/BAqWVtnks5KkemINXWvSlOxQX4G
Score

10^/10

redline m2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinem2infostealerspyware