redline | bdc9362777d3cbbdd3362b62e48e4b2dc053f1dc1b8e4e1ef9b1b666e4efd05a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BloxFruits GUI.exe
Size

327KB
Sample

230523-zqpgksac5s
MD5

79e2287c7f1e3b6b62a80c994d46c3a7
SHA1

cf71a4e8f88c7a23d9074a6cc3ca3bb0d58ef895
SHA256

bdc9362777d3cbbdd3362b62e48e4b2dc053f1dc1b8e4e1ef9b1b666e4efd05a
SHA512

e4ea76a5fda839c6812bca5c8d0dbbfc72a72242a5dd7e57ee70d54ad89b2355891e6e8adfe62d8c36b901c5f9bfc7fe8ae12ac4b9adc8faad67a788ce2c74f2
SSDEEP

6144:bV9SHeF45XiiPTwH0iE4SHt8laYNqHpwW2DtTKh8:bvieF45S5H0i3SHClaYNqHEZ

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

45.15.156.170:43588

Attributes

auth_value
9c8dd7353be7ed4b6832da21d8d0d902

Targets

- Target
  
  BloxFruits GUI.exe
- Size
  
  327KB
- MD5
  
  79e2287c7f1e3b6b62a80c994d46c3a7
- SHA1
  
  cf71a4e8f88c7a23d9074a6cc3ca3bb0d58ef895
- SHA256
  
  bdc9362777d3cbbdd3362b62e48e4b2dc053f1dc1b8e4e1ef9b1b666e4efd05a
- SHA512
  
  e4ea76a5fda839c6812bca5c8d0dbbfc72a72242a5dd7e57ee70d54ad89b2355891e6e8adfe62d8c36b901c5f9bfc7fe8ae12ac4b9adc8faad67a788ce2c74f2
- SSDEEP
  
  6144:bV9SHeF45XiiPTwH0iE4SHt8laYNqHpwW2DtTKh8:bvieF45S5H0i3SHClaYNqHEZ
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware