redline | 6d844db8d4cf6048f06a11dafe55c3f02d71c9a4bb236b56f912dfb9bcfa4599 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

3.0MB
Sample

230805-ql8vzseb31
MD5

393bbfb68e9cd376a290f4026abcdfef
SHA1

523b96ce51448f8a4d1d75244ce54c658becd7a8
SHA256

6d844db8d4cf6048f06a11dafe55c3f02d71c9a4bb236b56f912dfb9bcfa4599
SHA512

f9a1b5d88a3ecd4ba503f65e6c58a4dc98735daf3fed9627bcaa8e7e64c4f1a8e2388755327f5bf5136cd7e9af7bbcabdc5400c2ca24ccb541db4cdcd2108b45
SSDEEP

12288:5jrLxC8UuOdAttjvbLeErag5KFvDe22pudOLVedfiQ+MBumQjTwKEvkwv8ZVyU:ZxC8iAttjvbiE15KNEVedfii4VEMwi5

Score

10^/10

redline trafico infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

trafico

C2

176.123.9.142:14845

Attributes

auth_value
ae8f72bc34fc0c248b3abb9f51375751

Targets

- Target
  
  file.exe
- Size
  
  3.0MB
- MD5
  
  393bbfb68e9cd376a290f4026abcdfef
- SHA1
  
  523b96ce51448f8a4d1d75244ce54c658becd7a8
- SHA256
  
  6d844db8d4cf6048f06a11dafe55c3f02d71c9a4bb236b56f912dfb9bcfa4599
- SHA512
  
  f9a1b5d88a3ecd4ba503f65e6c58a4dc98735daf3fed9627bcaa8e7e64c4f1a8e2388755327f5bf5136cd7e9af7bbcabdc5400c2ca24ccb541db4cdcd2108b45
- SSDEEP
  
  12288:5jrLxC8UuOdAttjvbLeErag5KFvDe22pudOLVedfiQ+MBumQjTwKEvkwv8ZVyU:ZxC8iAttjvbiE15KNEVedfii4VEMwi5
Score

10^/10

redline trafico infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetraficoinfostealerspyware

behavioral2

redlinetraficoinfostealerspyware