redline | d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687 | Triage

Sharing

General

Target

file.exe
Size

1.2MB
Sample

230517-svq3msee6y
MD5

6af6a7fac1197a9b12b28c0e4db8c18a
SHA1

357ae7d706de393d8743dbbe0d94bc87922643cf
SHA256

d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687
SHA512

6a89fbff98be91a89008830f7aa3f88ef8fcd4c9967d1443abda4bad71097f6abc6a1371e0767e8853a3e52bd4e3f944f4ccbb7f8173d06d7c777bc71823f899
SSDEEP

24576:2TbBv5rUyXVTW6Hq69NuPQPyUfezTtJiC7nVUriVGAQ+hw17tq:IBJTzHqBQrW3tEwnGtdCOBq

Score

10^/10

redline 2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

2

C2

135.181.7.171:81

Attributes

auth_value
101013a5e99e0857595aae297a11351d

Targets

- Target
  
  file.exe
- Size
  
  1.2MB
- MD5
  
  6af6a7fac1197a9b12b28c0e4db8c18a
- SHA1
  
  357ae7d706de393d8743dbbe0d94bc87922643cf
- SHA256
  
  d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687
- SHA512
  
  6a89fbff98be91a89008830f7aa3f88ef8fcd4c9967d1443abda4bad71097f6abc6a1371e0767e8853a3e52bd4e3f944f4ccbb7f8173d06d7c777bc71823f899
- SSDEEP
  
  24576:2TbBv5rUyXVTW6Hq69NuPQPyUfezTtJiC7nVUriVGAQ+hw17tq:IBJTzHqBQrW3tEwnGtdCOBq
Score

10^/10

redline 2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2infostealerspyware

behavioral2

redline2infostealerspyware