redline | 416bf8815d67a276a4c12d51f4c12b215db6dc0bf18e7caad56c0b19b8e2a56a | Triage

Sharing

General

Target

file.exe
Size

765KB
Sample

230709-m443zace32
MD5

641a109a5368af53d6dde369592719ad
SHA1

ee5199257dc8cbbae9a5696a1c508dab21b0e2b4
SHA256

416bf8815d67a276a4c12d51f4c12b215db6dc0bf18e7caad56c0b19b8e2a56a
SHA512

5f50c064bb25b707a25b8bb0f5300d29eb603205cdbbfb8ec3fb89a5e591250d96ac2614ad1fdac068f59f438a7a9744aa4f94641b9624d65b3e6af01c992e94
SSDEEP

12288:9V2wi1TgegQS2LoVbHFAMJ3Zcg4uauif5mm2pq01z34TRppn:rGNKFAU3S25k01TIB

Score

10^/10

redline 1006 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1006

C2

176.123.9.142:14845

Attributes

auth_value
b5da80860b093905c2bba6f9377af704

Targets

- Target
  
  file.exe
- Size
  
  765KB
- MD5
  
  641a109a5368af53d6dde369592719ad
- SHA1
  
  ee5199257dc8cbbae9a5696a1c508dab21b0e2b4
- SHA256
  
  416bf8815d67a276a4c12d51f4c12b215db6dc0bf18e7caad56c0b19b8e2a56a
- SHA512
  
  5f50c064bb25b707a25b8bb0f5300d29eb603205cdbbfb8ec3fb89a5e591250d96ac2614ad1fdac068f59f438a7a9744aa4f94641b9624d65b3e6af01c992e94
- SSDEEP
  
  12288:9V2wi1TgegQS2LoVbHFAMJ3Zcg4uauif5mm2pq01z34TRppn:rGNKFAU3S25k01TIB
Score

10^/10

redline 1006 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1006infostealerspyware

behavioral2

redline1006infostealerspyware