redline | 8794abaf3a4964f9ffbcc0f75bd96af30b4b6b4e307c048eb497ae2dc4458c27 | Triage

Sharing

General

Target

file.exe
Size

556KB
Sample

230619-h8ypjacd34
MD5

46bc9e2a70edd134a6420dc4c98a3668
SHA1

2a3341ab80cde0d14be3e701a7c6ccb6b25077c0
SHA256

8794abaf3a4964f9ffbcc0f75bd96af30b4b6b4e307c048eb497ae2dc4458c27
SHA512

36f9a1d87c20fc51cdc8c1d0c2809225008616a7d782473fc988347ef9c2e123546da24d225b2c76eb6f8e2fc7f3a75cf558313deb98d1b13628e55bd14e3415
SSDEEP

12288:L0BaH7DjoFcnpVvRLxVuPb7w2fGBtoEHLH9vzo90:LWaH7foFcnphsPbc2uBtoEHLH9boW

Score

10^/10

redline 2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

2

C2

95.216.249.153:81

Attributes

auth_value
101013a5e99e0857595aae297a11351d

Targets

- Target
  
  file.exe
- Size
  
  556KB
- MD5
  
  46bc9e2a70edd134a6420dc4c98a3668
- SHA1
  
  2a3341ab80cde0d14be3e701a7c6ccb6b25077c0
- SHA256
  
  8794abaf3a4964f9ffbcc0f75bd96af30b4b6b4e307c048eb497ae2dc4458c27
- SHA512
  
  36f9a1d87c20fc51cdc8c1d0c2809225008616a7d782473fc988347ef9c2e123546da24d225b2c76eb6f8e2fc7f3a75cf558313deb98d1b13628e55bd14e3415
- SSDEEP
  
  12288:L0BaH7DjoFcnpVvRLxVuPb7w2fGBtoEHLH9vzo90:LWaH7foFcnphsPbc2uBtoEHLH9boW
Score

10^/10

redline 2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2infostealerspyware

behavioral2

redline2infostealerspyware