redline | c5267206c758ddf1b172ee1eb0e09f4251c5dec7eda3b54a9778baebb7f39b94 | Triage

Sharing

General

Target

2bfddaf30f7a81fd209a17e8bc06c5a6.exe
Size

308KB
Sample

230523-xhhb7agg28
MD5

2bfddaf30f7a81fd209a17e8bc06c5a6
SHA1

b23725a3a0c01ddd4d07699b03acf33426bc94ec
SHA256

c5267206c758ddf1b172ee1eb0e09f4251c5dec7eda3b54a9778baebb7f39b94
SHA512

a44e56ee7f03f6a1ac262147e1a89fd4226e7696bc427ad6e89bd7056350d4285aaeb671327febf118ae88a0e2b0820e4280d9ae49ec80f78e610dd3ce3a00ed
SSDEEP

6144:l2CKgIA9DRQhEttFvFheGReKF/CYgaJQrvBrfNHkI:VIcDGhE7FdNlRfgwQTb3

Score

10^/10

redline 0 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

0

C2

65.108.210.134:23732

Attributes

auth_value
29b638406f4732fa6a2b4b943e4d21df

Targets

- Target
  
  2bfddaf30f7a81fd209a17e8bc06c5a6.exe
- Size
  
  308KB
- MD5
  
  2bfddaf30f7a81fd209a17e8bc06c5a6
- SHA1
  
  b23725a3a0c01ddd4d07699b03acf33426bc94ec
- SHA256
  
  c5267206c758ddf1b172ee1eb0e09f4251c5dec7eda3b54a9778baebb7f39b94
- SHA512
  
  a44e56ee7f03f6a1ac262147e1a89fd4226e7696bc427ad6e89bd7056350d4285aaeb671327febf118ae88a0e2b0820e4280d9ae49ec80f78e610dd3ce3a00ed
- SSDEEP
  
  6144:l2CKgIA9DRQhEttFvFheGReKF/CYgaJQrvBrfNHkI:VIcDGhE7FdNlRfgwQTb3
Score

10^/10

redline 0 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline0infostealerspyware

behavioral2

redline0infostealerspyware