redline | 275f1894ae3a3c6ce2962c260f5ef2bf55034022a781d9eae4b85a456ff7531d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

n6813301.exe
Size

323KB
Sample

230601-fr5emscf34
MD5

ad8ff17b81bcf006cd0c057058389dca
SHA1

c7163084ff9bec4c00382627896972a018643db4
SHA256

275f1894ae3a3c6ce2962c260f5ef2bf55034022a781d9eae4b85a456ff7531d
SHA512

bfba6e2d0a1003d04e90f3d62a5beb6ecc244ca7de947400bd80c5769aaf7076fd1f9f48d339bd91b54b830686019689d376397fac3fa07882f13ffd298b86a2
SSDEEP

6144:eBaTsH0tan9zL0MwfAld5Q8CgCxUCyvOH9FF653qy7oDFtv+uwdy:e4sH0ta9zLZrxC1mCyv8r6157wFtv+uw

Score

10^/10

redline rocker infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

rocker

C2

83.97.73.127:19045

Attributes

auth_value
b4693c25843b5a1c7d63376e73e32dae

Targets

- Target
  
  n6813301.exe
- Size
  
  323KB
- MD5
  
  ad8ff17b81bcf006cd0c057058389dca
- SHA1
  
  c7163084ff9bec4c00382627896972a018643db4
- SHA256
  
  275f1894ae3a3c6ce2962c260f5ef2bf55034022a781d9eae4b85a456ff7531d
- SHA512
  
  bfba6e2d0a1003d04e90f3d62a5beb6ecc244ca7de947400bd80c5769aaf7076fd1f9f48d339bd91b54b830686019689d376397fac3fa07882f13ffd298b86a2
- SSDEEP
  
  6144:eBaTsH0tan9zL0MwfAld5Q8CgCxUCyvOH9FF653qy7oDFtv+uwdy:e4sH0ta9zLZrxC1mCyv8r6157wFtv+uw
Score

10^/10

redline rocker infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinerockerinfostealer

behavioral2

redlinerockerinfostealerspyware