redline | 329b42e77218534f5bcedead6f3b3eb8c81c8a043fe70ffab6bdc5c12bf9c556 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

n2028186.exe
Size

302KB
Sample

230602-fdqdkaac5t
MD5

2730a625a15a6f3fba6cd8d3beda9614
SHA1

bce3bf905ce0ed025eb6251002caf4e3da0117ed
SHA256

329b42e77218534f5bcedead6f3b3eb8c81c8a043fe70ffab6bdc5c12bf9c556
SHA512

5229c74481cf3cda68f8c9af67ca63a229b505150e4317bb9bda027cb76dfe9435d0218932ed04d1dee75a825293c8175c2c7105d90d7514f79b2f9182d22b07
SSDEEP

6144:KnhmJTHw3GEsqOMYtRlhW8PRq3MfMxaYywMBayX:GhmJTQWlqjYtRzW6Rq3M00uKTX

Score

10^/10

redline rocker infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

rocker

C2

83.97.73.127:19045

Attributes

auth_value
b4693c25843b5a1c7d63376e73e32dae

Targets

- Target
  
  n2028186.exe
- Size
  
  302KB
- MD5
  
  2730a625a15a6f3fba6cd8d3beda9614
- SHA1
  
  bce3bf905ce0ed025eb6251002caf4e3da0117ed
- SHA256
  
  329b42e77218534f5bcedead6f3b3eb8c81c8a043fe70ffab6bdc5c12bf9c556
- SHA512
  
  5229c74481cf3cda68f8c9af67ca63a229b505150e4317bb9bda027cb76dfe9435d0218932ed04d1dee75a825293c8175c2c7105d90d7514f79b2f9182d22b07
- SSDEEP
  
  6144:KnhmJTHw3GEsqOMYtRlhW8PRq3MfMxaYywMBayX:GhmJTQWlqjYtRzW6Rq3M00uKTX
Score

10^/10

redline rocker infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinerockerinfostealerspyware

behavioral2

redlinerockerinfostealerspyware