redline | 985a808d3ed5bfbaf83079c207a1840ce62027c844d0f0f948e4529bf7e7b163 | Triage

Sharing

General

Target

file.exe
Size

334KB
Sample

230528-a326rseb2w
MD5

cc8a36fa82dde547a2824e0266b64c17
SHA1

721127f6aae7ff95bce6dcb60770c6117dc2fc05
SHA256

985a808d3ed5bfbaf83079c207a1840ce62027c844d0f0f948e4529bf7e7b163
SHA512

e962e4358d467b27e302674a174bf0abf720fc3f055017c15c41de01335a05fcdefa3f9d6824f6e7df3357279183493065e6a64584d423bc68474f1f30d5bc0d
SSDEEP

6144:XneIxJV5VvzSG8k3//82fs2KgIqlsBb3i0zUjD:vJV5R+G8kPE202KgDlcby0kD

Score

10^/10

redline @traffic_live infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@traffic_live

C2

176.123.9.142:14845

Attributes

auth_value
672fd50985aab77ae92658dea32b3a74

Targets

- Target
  
  file.exe
- Size
  
  334KB
- MD5
  
  cc8a36fa82dde547a2824e0266b64c17
- SHA1
  
  721127f6aae7ff95bce6dcb60770c6117dc2fc05
- SHA256
  
  985a808d3ed5bfbaf83079c207a1840ce62027c844d0f0f948e4529bf7e7b163
- SHA512
  
  e962e4358d467b27e302674a174bf0abf720fc3f055017c15c41de01335a05fcdefa3f9d6824f6e7df3357279183493065e6a64584d423bc68474f1f30d5bc0d
- SSDEEP
  
  6144:XneIxJV5VvzSG8k3//82fs2KgIqlsBb3i0zUjD:vJV5R+G8kPE202KgDlcby0kD
Score

10^/10

redline @traffic_live infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@traffic_liveinfostealerspyware

behavioral2

redline@traffic_liveinfostealerspyware