redline | 3ec7eea3e358213d4879289355b240a222367d8dedcc881107e1b0fc5287daa7 | Triage

Sharing

General

Target

file.exe
Size

269KB
Sample

230606-jhk67ace84
MD5

ae0420654394805ac73d71f3d398a7ed
SHA1

f47789745306b364d7fd991fabb3facadecc3bb9
SHA256

3ec7eea3e358213d4879289355b240a222367d8dedcc881107e1b0fc5287daa7
SHA512

a0cf0bf3c10b118f4c75a49ffe57ac8739c047ad5bf6db1157a4252d6257baea2209281d5446199ff9e7c8ebbab66d2fc1578fdac30023424a71dd6fbeaf47ec
SSDEEP

3072:yY3LZGmm6n0Wbywn8Svg8DkNXeOXgX09Nu652uR/mACy7gxcj/6:x3LZGmRzg8A8lX09l2unux

Score

10^/10

redline 0506 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

0506

C2

176.123.9.142:14845

Attributes

auth_value
b9eb61b0dc69fe221ee04711a951d730

Targets

- Target
  
  file.exe
- Size
  
  269KB
- MD5
  
  ae0420654394805ac73d71f3d398a7ed
- SHA1
  
  f47789745306b364d7fd991fabb3facadecc3bb9
- SHA256
  
  3ec7eea3e358213d4879289355b240a222367d8dedcc881107e1b0fc5287daa7
- SHA512
  
  a0cf0bf3c10b118f4c75a49ffe57ac8739c047ad5bf6db1157a4252d6257baea2209281d5446199ff9e7c8ebbab66d2fc1578fdac30023424a71dd6fbeaf47ec
- SSDEEP
  
  3072:yY3LZGmm6n0Wbywn8Svg8DkNXeOXgX09Nu652uR/mACy7gxcj/6:x3LZGmRzg8A8lX09l2unux
Score

10^/10

redline 0506 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline0506infostealerspyware

behavioral2

redline0506infostealerspyware