redline | 6b937ac8b7f889100cf86a34f74ff2fbdba7b072822026ab275d2a5ee6b7b650 | Triage

Sharing

General

Target

DawnLand6.exe
Size

10.0MB
Sample

230706-v9fassdf27
MD5

9fa3180810afbbb9f999e5239027fdec
SHA1

3c3610842d1bb832cf8a422714da529708a8e6ec
SHA256

6b937ac8b7f889100cf86a34f74ff2fbdba7b072822026ab275d2a5ee6b7b650
SHA512

04e411cd7114b0904576f33bcb02d876136a035fcbed5ec71728e426d0fbd37d8ee0896113036745bc452482771df918885b6b0e829c49b17bf46687bc9c47d8
SSDEEP

3072:hca9VP4bW3TRHuTMGidsptIGT31qrIf//3x5cJKy9g/kdLUVgKuOiyb:hxP44Huwc31qrw/fx5uRdLAgKu58

Score

10^/10

redline dawnland infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

DAwnLand

C2

212.113.116.143:23052

Attributes

auth_value
8fc5b8d18171bebfcf117ba0aad639d2

Targets

- Target
  
  DawnLand6.exe
- Size
  
  10.0MB
- MD5
  
  9fa3180810afbbb9f999e5239027fdec
- SHA1
  
  3c3610842d1bb832cf8a422714da529708a8e6ec
- SHA256
  
  6b937ac8b7f889100cf86a34f74ff2fbdba7b072822026ab275d2a5ee6b7b650
- SHA512
  
  04e411cd7114b0904576f33bcb02d876136a035fcbed5ec71728e426d0fbd37d8ee0896113036745bc452482771df918885b6b0e829c49b17bf46687bc9c47d8
- SSDEEP
  
  3072:hca9VP4bW3TRHuTMGidsptIGT31qrIf//3x5cJKy9g/kdLUVgKuOiyb:hxP44Huwc31qrw/fx5uRdLAgKu58
Score

10^/10

redline dawnland infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedawnlandinfostealerspyware

behavioral2

redlinedawnlandinfostealerspyware