redline | 7c8ca3c5b49dd473dbe777fb3aa2e7334b365a96c4b14dce896cde43b312b7a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Activator.exe
Size

316KB
Sample

230509-2r4n1aca9w
MD5

7dff717a5c2b9aaf4fcdf8ea44faa271
SHA1

496df8baa3bf907345174d508f8e81d2a23f42c4
SHA256

7c8ca3c5b49dd473dbe777fb3aa2e7334b365a96c4b14dce896cde43b312b7a0
SHA512

00cfe44d792f7a748bc012d6ccb34a20422866d0a3e7ba05717b8c9176f780a6ea60ae0805d4b4595551d14534fbb365c0bd3c540da7799c6dac08bd9e06fa83
SSDEEP

6144:n356TgQ4WYbaiVkXI6wJIh6F94/Uw8Pcpnfofi/:n35ivicIfIhEs8PcJQf+

Score

10^/10

redline @chrisdime_lolz infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@chrisdime_lolz

C2

94.142.138.4:80

Attributes

auth_value
32fa7bda17aaeffb37e9d4f406b903f4

Targets

- Target
  
  Activator.exe
- Size
  
  316KB
- MD5
  
  7dff717a5c2b9aaf4fcdf8ea44faa271
- SHA1
  
  496df8baa3bf907345174d508f8e81d2a23f42c4
- SHA256
  
  7c8ca3c5b49dd473dbe777fb3aa2e7334b365a96c4b14dce896cde43b312b7a0
- SHA512
  
  00cfe44d792f7a748bc012d6ccb34a20422866d0a3e7ba05717b8c9176f780a6ea60ae0805d4b4595551d14534fbb365c0bd3c540da7799c6dac08bd9e06fa83
- SSDEEP
  
  6144:n356TgQ4WYbaiVkXI6wJIh6F94/Uw8Pcpnfofi/:n35ivicIfIhEs8PcJQf+
Score

10^/10

redline @chrisdime_lolz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@chrisdime_lolzinfostealerspyware

behavioral2

redline@chrisdime_lolzinfostealerspyware

behavioral3

redline@chrisdime_lolzinfostealerspyware