redline | 75a5cf0475460c31e228bd47cfb22b11300156aced58a14c6d6faba407fe2c2d | Triage

Sharing

General

Target

file.exe
Size

1.9MB
Sample

230710-g3pn1ahg9s
MD5

251cc9c3455844f3eaa98b0fc2c1ded4
SHA1

5199e0bb9c9bce61b2b80a2ccc09bfc1c2b6da05
SHA256

75a5cf0475460c31e228bd47cfb22b11300156aced58a14c6d6faba407fe2c2d
SHA512

f22c91d2af55eb37e93bdcd31953926bdcfdd621829e375da25f4e058eb67084922d08c6831366523dc698a59c9c3d61b6bf8a7c2009df16959df88e68612c31
SSDEEP

6144:p9WOZZrGrsSFB+ekKM1V3XAOP9krrXwLbbtCfi3bEDNLgXsNxqUO2IaO9w+Pk+uE:zrZZrGrsSu3X19k3KQi3bqNLqF2Nj2L

Score

10^/10

redline installs infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

installs

C2

45.9.74.117:15394

Attributes

auth_value
1e9e371d6ad77e4f1df6c259f3a2f754

Targets

- Target
  
  file.exe
- Size
  
  1.9MB
- MD5
  
  251cc9c3455844f3eaa98b0fc2c1ded4
- SHA1
  
  5199e0bb9c9bce61b2b80a2ccc09bfc1c2b6da05
- SHA256
  
  75a5cf0475460c31e228bd47cfb22b11300156aced58a14c6d6faba407fe2c2d
- SHA512
  
  f22c91d2af55eb37e93bdcd31953926bdcfdd621829e375da25f4e058eb67084922d08c6831366523dc698a59c9c3d61b6bf8a7c2009df16959df88e68612c31
- SSDEEP
  
  6144:p9WOZZrGrsSFB+ekKM1V3XAOP9krrXwLbbtCfi3bEDNLgXsNxqUO2IaO9w+Pk+uE:zrZZrGrsSu3X19k3KQi3bqNLqF2Nj2L
Score

10^/10

redline installs infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinstallsinfostealerspyware

behavioral2

redlineinstallsinfostealerspyware