redline | 5264fa070c7ccca8b9b7dbd943cecbb639bc0e5463951f176ae2fa8f0aca211f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02e01f99331d49d6c0b7924b1b004d63.bin
Size

155KB
Sample

230509-bcpnesfd6z
MD5

70b0acddaf38395464704350bf8d2a62
SHA1

2386be4c7f04680d29e2b5fe64b1bd7043bbecc4
SHA256

5264fa070c7ccca8b9b7dbd943cecbb639bc0e5463951f176ae2fa8f0aca211f
SHA512

2acdc704901bfc18ff7a512dc45e439c6463644ba7c765071b06807ca089b34c59e6c3f136fa2a0bce979c31256aca4f38dee910112a881b75aeaed6605ad4a2
SSDEEP

3072:HGbxOHXYuUc16oos6SppvjvA12pYFguU6k3N1VVQDJJ7wkJseHBSO5weBsfFOY:HkxO3c2zdvA12eCuUJDQl5wheHBd59BI

Score

10^/10

redline @naralust2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@naralust2

C2

94.142.138.4:80

Attributes

auth_value
684687f1439152a73e2a8b293ee8c64e

Targets

- Target
  
  8bddb10753bd54d5d10e9a2c5b3598060f86c2320833689bbbf396f18ecaa297.exe
- Size
  
  254KB
- MD5
  
  02e01f99331d49d6c0b7924b1b004d63
- SHA1
  
  eac10a46befefae9269e64ce0f20dfb3e05207eb
- SHA256
  
  8bddb10753bd54d5d10e9a2c5b3598060f86c2320833689bbbf396f18ecaa297
- SHA512
  
  9f3549c9779488ec6aaf6602aea6c8323eae1585a819f3c00c87b61cf0e77a6f34d01bd7f7cba3bb638e040c87e9d92c4f515a9c27b553c7cf7a4eb2bfa0c229
- SSDEEP
  
  6144:03dJeJ+9HPGKFHdx2a1NCinscgyVIfof38:03neJQPGUG8IinszLQfs
Score

10^/10

redline @naralust2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@naralust2infostealer

behavioral2

redline@naralust2infostealerspyware