redline | f178fc5506a082f2d4bbfe9dd5b0eaf85103a8207660c4902e62a311744236d0 | Triage

Sharing

General

Target

2bfddaf30f7a81fd209a17e8bc06c5a6.bin
Size

187KB
Sample

230525-bgqfhsga4y
MD5

1afa7e5e6d422c81483d694b503131e1
SHA1

69c47daa65a76b6000137d321d9e8007e59a3fd5
SHA256

f178fc5506a082f2d4bbfe9dd5b0eaf85103a8207660c4902e62a311744236d0
SHA512

5f18293e75e67f679c5c4d10328453945221bf86e4aeaf4ee4ce4e467340de2a9194c993b0e67eefaf923b81045ace867df63de53030904caff326443a6db5a6
SSDEEP

3072:SPvRBJy8DG497XaVlZTmNCDmP4ln7WbXWncvR+oFqKp5eZBZ44KXHuTBW3l9oRc2:EvRry8DRCqPfGngFtiJ4/XOlGYRcR4

Score

10^/10

redline 0 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

0

C2

65.108.210.134:23732

Attributes

auth_value
29b638406f4732fa6a2b4b943e4d21df

Targets

- Target
  
  c5267206c758ddf1b172ee1eb0e09f4251c5dec7eda3b54a9778baebb7f39b94.exe
- Size
  
  308KB
- MD5
  
  2bfddaf30f7a81fd209a17e8bc06c5a6
- SHA1
  
  b23725a3a0c01ddd4d07699b03acf33426bc94ec
- SHA256
  
  c5267206c758ddf1b172ee1eb0e09f4251c5dec7eda3b54a9778baebb7f39b94
- SHA512
  
  a44e56ee7f03f6a1ac262147e1a89fd4226e7696bc427ad6e89bd7056350d4285aaeb671327febf118ae88a0e2b0820e4280d9ae49ec80f78e610dd3ce3a00ed
- SSDEEP
  
  6144:l2CKgIA9DRQhEttFvFheGReKF/CYgaJQrvBrfNHkI:VIcDGhE7FdNlRfgwQTb3
Score

10^/10

redline 0 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline0infostealerspyware

behavioral2

redline0infostealerspyware