redline | 5829cd2be97650783690f9bc20740ce43abc2e0feb1501f99d4f4c08d4e12e6b | Triage

Sharing

General

Target

1aa7939721f123f428719c210b88df55.bin
Size

261KB
Sample

230706-bh19eahh3x
MD5

e3f1ca69a4e79e0063185f3298fe48fa
SHA1

7c6bb84b979ede0d6ced0409e3c4b7eae6e6198d
SHA256

5829cd2be97650783690f9bc20740ce43abc2e0feb1501f99d4f4c08d4e12e6b
SHA512

35cdcc0cfff757b42a43f716df793d7130c47ec40ba196233c07a35e5fcc627e313d9bc211f303782679b09fbc437447e7317a550ee97d1f6d289f804cd0f019
SSDEEP

6144:6iuE8zgIwWT+NYuIorhZhI+n0gAy4xavmaXggSGGLTUDN18wY7:C0Ir+NcoVZhvn5AHoIgSGgeN18l7

Score

10^/10

redline logslive2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

LogsLive2

C2

185.157.120.11:36690

Attributes

auth_value
11cb8c21234a8fb6ec2254da18178eab

Targets

- Target
  
  7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114.exe
- Size
  
  1.0MB
- MD5
  
  1aa7939721f123f428719c210b88df55
- SHA1
  
  7f61007a5463e05d194ffe8668b797ddf5280d71
- SHA256
  
  7db38668bfda0f4fd5885ff8965304f3651113777003e86715c08ba8624d9114
- SHA512
  
  95654e50081acb40a323c8c447ae65ae7338ba12cdc0bab81ee77295316904db8f89f7f4e284f8f86e911cd9654a788cfb858881ee6e0c863f1e59c50366364c
- SSDEEP
  
  6144:q1yNB0anZ8DhgCEmcxb7hAAOY6cgLsBd/ujSi1RURR:q1WB0anZ8D6xbtA6Asv/+SK0
Score

10^/10

redline logslive2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogslive2infostealerspyware

behavioral2

redlinelogslive2infostealerspyware