redline | 347a697112c7838b199fa23d7f730b264d189262f3a1520ed965d74a97813634 | Triage

Sharing

General

Target

3f8f5177e8907b126f2575b67aea9db1.bin
Size

352KB
Sample

230623-bla7dscc7s
MD5

a006e129936b25483f40098feafc058f
SHA1

b1f3e911020fb9ee0a0d40c5d477a201f717602f
SHA256

347a697112c7838b199fa23d7f730b264d189262f3a1520ed965d74a97813634
SHA512

7b7983d89b91c9a2af5c0b1e97ce89ef416a0ea115d3c6033430f950be1cef06244c80d696c54a4d21ceb1ed2ff42113a8c6f383b74e318ffcb53727811398ff
SSDEEP

6144:17z8llVWWjf8K3xXk5tTcS7qDP/VyFz/mvn7kufPOlEpZGoG6QCaP:yHVWWjf8gJQ7q7/INmYukELGH6Q3

Score

10^/10

redline top infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

top

C2

83.97.73.124:53

Attributes

auth_value
053e5ccc53982413753b68419138b23a

Targets

- Target
  
  712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326.exe
- Size
  
  602KB
- MD5
  
  3f8f5177e8907b126f2575b67aea9db1
- SHA1
  
  30ac43a9c6dd799441519db56a14bf1a0e2b5bab
- SHA256
  
  712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326
- SHA512
  
  1537bb2ad49921ee5ef54ca940485d1ae9a4ec7308c77f938a47ce7451ce2e8e0638bf73511c092acfb0b1277a2c91ff202278b582d2b5319fa647b7e988f398
- SSDEEP
  
  6144:yJA+PQrKTvHaAGrWg8zg3JW+1LTgMDCkTQTplln9AwDKFp2XhIxwHl7czJ2nybTx:yC+Qr/AEWzzg5FkeCk0lN6pIjHayO
Score

10^/10

redline top infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetopinfostealerspyware

behavioral2

redlinetopinfostealerspyware