redline | 43f7dfd100d1188143e4ab71a4f513c85568e2b1a9999690618e3f3eaebd4099 | Triage

Sharing

General

Target

2994f471403c8c5274e4116686c385a0.exe
Size

746KB
Sample

230702-2lknyadg87
MD5

2994f471403c8c5274e4116686c385a0
SHA1

0860a843e5dc99e423f328137e99dbe0c3258707
SHA256

43f7dfd100d1188143e4ab71a4f513c85568e2b1a9999690618e3f3eaebd4099
SHA512

826a061cdeb87aa73ede480e7cb0e57c88e2c12280e700c5ade21ed73465b0f39f5cd418a2a0fa1b271f853907a1fef52c59dd3bd04d53fbf105ef7667c46ede
SSDEEP

12288:OePLYK/2+GVu1jvupOGOqT589eTusUROsWQ6G5exv8CZ1LJW06:W1+GUqTc/hWdGIL

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

77.246.110.195:8599

Attributes

auth_value
a290efd4796d37556cc5af7e83c91346

Targets

- Target
  
  2994f471403c8c5274e4116686c385a0.exe
- Size
  
  746KB
- MD5
  
  2994f471403c8c5274e4116686c385a0
- SHA1
  
  0860a843e5dc99e423f328137e99dbe0c3258707
- SHA256
  
  43f7dfd100d1188143e4ab71a4f513c85568e2b1a9999690618e3f3eaebd4099
- SHA512
  
  826a061cdeb87aa73ede480e7cb0e57c88e2c12280e700c5ade21ed73465b0f39f5cd418a2a0fa1b271f853907a1fef52c59dd3bd04d53fbf105ef7667c46ede
- SSDEEP
  
  12288:OePLYK/2+GVu1jvupOGOqT589eTusUROsWQ6G5exv8CZ1LJW06:W1+GUqTc/hWdGIL
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1infostealerspyware

behavioral2

redline1infostealerspyware