redline | b34b6bcd3cbb05bc2669aa42ee5aad7d1dfb38da9d812201ab3697b146386001 | Triage

Sharing

General

Target

Installer.exe
Size

1.2MB
Sample

230722-jpww9saa28
MD5

44dec7524ec27f79d2672229ec6c2c9c
SHA1

388ca4c01912394eee2dc0f7bbc5df591f1bf29a
SHA256

b34b6bcd3cbb05bc2669aa42ee5aad7d1dfb38da9d812201ab3697b146386001
SHA512

2d901485d39a57fd7946228f2ba5541a5f1788bf92520d742601859225a7ffa87e7cf4e0f09e4c9ae157475babbe715790128e05e57a17e44fd96b4730850292
SSDEEP

24576:0A0SPqZ0pgfBUBJX2xrlDiEXsFPloA369:V/gfBUBJXIiEXiqA3e

Score

10^/10

redline 2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

2

C2

77.246.109.183:43893

Attributes

auth_value
505f25c1d56b06ffc67ad4c541d5fcf0

Targets

- Target
  
  Installer.exe
- Size
  
  1.2MB
- MD5
  
  44dec7524ec27f79d2672229ec6c2c9c
- SHA1
  
  388ca4c01912394eee2dc0f7bbc5df591f1bf29a
- SHA256
  
  b34b6bcd3cbb05bc2669aa42ee5aad7d1dfb38da9d812201ab3697b146386001
- SHA512
  
  2d901485d39a57fd7946228f2ba5541a5f1788bf92520d742601859225a7ffa87e7cf4e0f09e4c9ae157475babbe715790128e05e57a17e44fd96b4730850292
- SSDEEP
  
  24576:0A0SPqZ0pgfBUBJX2xrlDiEXsFPloA369:V/gfBUBJXIiEXiqA3e
Score

10^/10

redline 2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline2infostealerspyware

behavioral2

redline2infostealerspyware