redline | f49c6a870603c6bb0108bcf3303b01380cc54ac4facec4afa47427cfef185be5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f49c6a870603c6bb0108bcf3303b01380cc54ac4facec4afa47427cfef185be5
Size

308KB
Sample

230608-t671zahf7x
MD5

554d0863a3fc8e10fd49898fbfeaa972
SHA1

3ade0297114b9eac223a947c6d5d02287eef490f
SHA256

f49c6a870603c6bb0108bcf3303b01380cc54ac4facec4afa47427cfef185be5
SHA512

2256c3061b5949743d6cb09063942d7449d01bf3b37e25ebaecb4ba4805fcfdbc3425fe7a4198e6e8f5e877b0ae7370b65749193c28abe8b0de832c622d6915b
SSDEEP

6144:BJieERFHNvpMnTDs7UNVS49kCNQSzrs5kLJhHVugiqtciLRc1taP:BJYRSD7NQSzrs5kLJhHVugiqtciLRyaP

Score

10^/10

redline crazy infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

crazy

C2

83.97.73.129:19068

Attributes

auth_value
66bc4d9682ea090eef64a299ece12fdd

Targets

- Target
  
  f49c6a870603c6bb0108bcf3303b01380cc54ac4facec4afa47427cfef185be5
- Size
  
  308KB
- MD5
  
  554d0863a3fc8e10fd49898fbfeaa972
- SHA1
  
  3ade0297114b9eac223a947c6d5d02287eef490f
- SHA256
  
  f49c6a870603c6bb0108bcf3303b01380cc54ac4facec4afa47427cfef185be5
- SHA512
  
  2256c3061b5949743d6cb09063942d7449d01bf3b37e25ebaecb4ba4805fcfdbc3425fe7a4198e6e8f5e877b0ae7370b65749193c28abe8b0de832c622d6915b
- SSDEEP
  
  6144:BJieERFHNvpMnTDs7UNVS49kCNQSzrs5kLJhHVugiqtciLRc1taP:BJYRSD7NQSzrs5kLJhHVugiqtciLRyaP
Score

10^/10

redline crazy infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecrazyinfostealerspyware