redline | f7ff0c7ff7f6fbaf2c390a3271eb631a8181928247d4d08862fd4a9c11a1b4b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7ff0c7ff7f6fbaf2c390a3271eb631a8181928247d4d08862fd4a9c11a1b4b3
Size

308KB
Sample

230608-t2k1msgh48
MD5

e21acaf2fe92c1b64bcb9bc9df7735cd
SHA1

bbbb7f3628288aa69cdeb2f6225dbe7684dde066
SHA256

f7ff0c7ff7f6fbaf2c390a3271eb631a8181928247d4d08862fd4a9c11a1b4b3
SHA512

ef7695017abb3f738dd07fedacbdcede4786cbe90f6498f98bad783427eaea72fddfe08b1876fd1cd50348da1ca7a60b7ea985135e1fecb4ff14cb9c2d29fdd9
SSDEEP

6144:PJiekRFHnupMnTDs7UNVS49kCNQSzrs5kLJhHVugiqtciLRc1tgPN:PJ4RVD7NQSzrs5kLJhHVugiqtciLRygF

Score

10^/10

redline crazy infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

crazy

C2

83.97.73.129:19068

Attributes

auth_value
66bc4d9682ea090eef64a299ece12fdd

Targets

- Target
  
  f7ff0c7ff7f6fbaf2c390a3271eb631a8181928247d4d08862fd4a9c11a1b4b3
- Size
  
  308KB
- MD5
  
  e21acaf2fe92c1b64bcb9bc9df7735cd
- SHA1
  
  bbbb7f3628288aa69cdeb2f6225dbe7684dde066
- SHA256
  
  f7ff0c7ff7f6fbaf2c390a3271eb631a8181928247d4d08862fd4a9c11a1b4b3
- SHA512
  
  ef7695017abb3f738dd07fedacbdcede4786cbe90f6498f98bad783427eaea72fddfe08b1876fd1cd50348da1ca7a60b7ea985135e1fecb4ff14cb9c2d29fdd9
- SSDEEP
  
  6144:PJiekRFHnupMnTDs7UNVS49kCNQSzrs5kLJhHVugiqtciLRc1tgPN:PJ4RVD7NQSzrs5kLJhHVugiqtciLRygF
Score

10^/10

redline crazy infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecrazyinfostealerspyware