redline | 8eb56a2f631dd8b6e3cf827e2022dd3714b805eb377d4e186a41384ec624376c | Triage

Sharing

General

Target

01366899.exe
Size

1.7MB
Sample

230611-j9dw7agg29
MD5

a4aab901f5f4662d75a66bdb08971148
SHA1

9835bae8776e280b5a6bcf8e204d1bca5e05b0f6
SHA256

8eb56a2f631dd8b6e3cf827e2022dd3714b805eb377d4e186a41384ec624376c
SHA512

a4a86338d24118d20242714da4ac9df72a0954c7c7cfa4be80cb2495b2ced651e328b4fbf1e66ac844f76f838efd591baade7b2dca019917964ac0b7a73c479f
SSDEEP

24576:YwJAcH22+6MA333QaUozWal46B7Owg/63wXByw/OK:bJAcH22KA3339UPaewgrByq

Score

10^/10

redline 090623_11_red infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

090623_11_red

C2

goodlogs.neverever.ug:11615

Attributes

auth_value
ca62706abf6895102883ab0c8a86ddff

Targets

- Target
  
  01366899.exe
- Size
  
  1.7MB
- MD5
  
  a4aab901f5f4662d75a66bdb08971148
- SHA1
  
  9835bae8776e280b5a6bcf8e204d1bca5e05b0f6
- SHA256
  
  8eb56a2f631dd8b6e3cf827e2022dd3714b805eb377d4e186a41384ec624376c
- SHA512
  
  a4a86338d24118d20242714da4ac9df72a0954c7c7cfa4be80cb2495b2ced651e328b4fbf1e66ac844f76f838efd591baade7b2dca019917964ac0b7a73c479f
- SSDEEP
  
  24576:YwJAcH22+6MA333QaUozWal46B7Owg/63wXByw/OK:bJAcH22KA3339UPaewgrByq
Score

10^/10

redline 090623_11_red infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline090623_11_redinfostealerspyware

behavioral2

redline090623_11_redinfostealerspyware