redline | e3c6f33a48e4867ccc4845b769c286da99d67cee23adef3ccb6293d72d040e62 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GTA V KIDDIОNS.exe
Size

570KB
Sample

230616-2az99agf3t
MD5

6204839e4b01de196b8c0577c0276220
SHA1

437f26b580b3e9bed0c166011b9d8b42e3038b87
SHA256

e3c6f33a48e4867ccc4845b769c286da99d67cee23adef3ccb6293d72d040e62
SHA512

2d62cad0798d1488163354882e723c40d2d129047e1f1a7952fecf4a8904266927812308353a2f3dcb60d9f20dad77f1542e80896972e0f3633d0c672d8ba393
SSDEEP

12288:Zdv37Sxf8FwzBMz2wKKdd2N6h9HWMbbCjT:bLSxzMz2SL2N6h9HWMbbCX

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

194.50.153.135:36457

Attributes

auth_value
05d2a4d346ebd39494c07716250f4b82

Targets

- Target
  
  GTA V KIDDIОNS.exe
- Size
  
  570KB
- MD5
  
  6204839e4b01de196b8c0577c0276220
- SHA1
  
  437f26b580b3e9bed0c166011b9d8b42e3038b87
- SHA256
  
  e3c6f33a48e4867ccc4845b769c286da99d67cee23adef3ccb6293d72d040e62
- SHA512
  
  2d62cad0798d1488163354882e723c40d2d129047e1f1a7952fecf4a8904266927812308353a2f3dcb60d9f20dad77f1542e80896972e0f3633d0c672d8ba393
- SSDEEP
  
  12288:Zdv37Sxf8FwzBMz2wKKdd2N6h9HWMbbCjT:bLSxzMz2SL2N6h9HWMbbCX
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware