redline | 960971f7b34990d6afc7234ee27035f91b0f839f22e242807887d358abf19b17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spyr1xx_crypted_LAB.exe
Size

1.2MB
Sample

230615-e7rytaef6s
MD5

25a9ce88fcac81aa271bbb34cedb1766
SHA1

31ecf655e529968d67d96341fa06071b72443d18
SHA256

960971f7b34990d6afc7234ee27035f91b0f839f22e242807887d358abf19b17
SHA512

299ddc03074db77b56b0a18dfde216c1a1941ea337df9e90015ca516185aa9a90d450846dd922f6d963c37dd56518001935be3e3e6239c446e684500d27ed58f
SSDEEP

6144:sVRyfLFzZTBuf3EohjAOyEwtEnjYgvvnDMNk+SPMgbVW2ND4Ox/3C:sifLxZTSwsMgvLMNkjJ3/3C

Score

10^/10

redline @spyr1xx infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@spyr1xx

C2

185.106.93.193:48563

Attributes

auth_value
1813c4e1e522a31ea5f0ddac39aec46b

Targets

- Target
  
  spyr1xx_crypted_LAB.exe
- Size
  
  1.2MB
- MD5
  
  25a9ce88fcac81aa271bbb34cedb1766
- SHA1
  
  31ecf655e529968d67d96341fa06071b72443d18
- SHA256
  
  960971f7b34990d6afc7234ee27035f91b0f839f22e242807887d358abf19b17
- SHA512
  
  299ddc03074db77b56b0a18dfde216c1a1941ea337df9e90015ca516185aa9a90d450846dd922f6d963c37dd56518001935be3e3e6239c446e684500d27ed58f
- SSDEEP
  
  6144:sVRyfLFzZTBuf3EohjAOyEwtEnjYgvvnDMNk+SPMgbVW2ND4Ox/3C:sifLxZTSwsMgvLMNkjJ3/3C
Score

10^/10

redline @spyr1xx infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@spyr1xxinfostealerspyware

behavioral2

redline@spyr1xxinfostealerspyware