redline | b35a9c4ab45487ac9ba5b5717d975d76679a93a76c81fdd8e18841f16d2266f0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08324699.exe
Size

282KB
Sample

230606-nt7xjsdd99
MD5

99c0cd96d46794e20fa539b20e4cff64
SHA1

97e5aa8366cac78fbd329dcc11d9ca8a6c55415e
SHA256

b35a9c4ab45487ac9ba5b5717d975d76679a93a76c81fdd8e18841f16d2266f0
SHA512

e2a5299832266f8ca5a2484fdbc2d0ab06c8587734bfecb2d55e9e768bf25f241b4fee028c3ab30912dc39219eefa2bab34aeb45e4d55ee56f91e3ebe16faa3b
SSDEEP

6144:krcV9LR1LM8FaGwVIF52EskSvtpF/mZpgx:5V9jLM8QGwVIn2EskSFjMyx

Score

10^/10

redline easycrypt infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

EasyCrypt

C2

45.15.157.14:15779

Attributes

auth_value
f68cdf7204e67c3230e8be3d6a48812e

Targets

- Target
  
  08324699.exe
- Size
  
  282KB
- MD5
  
  99c0cd96d46794e20fa539b20e4cff64
- SHA1
  
  97e5aa8366cac78fbd329dcc11d9ca8a6c55415e
- SHA256
  
  b35a9c4ab45487ac9ba5b5717d975d76679a93a76c81fdd8e18841f16d2266f0
- SHA512
  
  e2a5299832266f8ca5a2484fdbc2d0ab06c8587734bfecb2d55e9e768bf25f241b4fee028c3ab30912dc39219eefa2bab34aeb45e4d55ee56f91e3ebe16faa3b
- SSDEEP
  
  6144:krcV9LR1LM8FaGwVIF52EskSvtpF/mZpgx:5V9jLM8QGwVIn2EskSFjMyx
Score

10^/10

redline easycrypt infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineeasycryptinfostealerspyware

behavioral2

redlineeasycryptinfostealerspyware