redline | 9ed9f4d080d71c32f86f8c35727ab2c83ef258bb336d4ce825f26b7adce62201 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ed9f4d080d71c32f86f8c35727ab2c83ef258bb336d4ce825f26b7adce62201
Size

2.5MB
Sample

230808-em7hrsca2y
MD5

398e0c4a22c10c386e6610c4c943050c
SHA1

a6793f7cd922432191e1901229c8c743bf67a042
SHA256

9ed9f4d080d71c32f86f8c35727ab2c83ef258bb336d4ce825f26b7adce62201
SHA512

e8587583aca22497c8c41de2174cf0b53dcaca7c8754f96bc65c9205927698777ce1df88c276929152bd8c7a57156904be7d6dff55f6115248d742391407c660
SSDEEP

24576:VBQbCdwwRt3PWYbHBs8CL5L6a9DhvhN4IH8qOkVeu:VPRt3PWuBsV6a3v9DOkVeu

Score

10^/10

redline 1112224312 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1112224312

C2

https://pastebin.com/raw/NgsUAPya

Targets

- Target
  
  9ed9f4d080d71c32f86f8c35727ab2c83ef258bb336d4ce825f26b7adce62201
- Size
  
  2.5MB
- MD5
  
  398e0c4a22c10c386e6610c4c943050c
- SHA1
  
  a6793f7cd922432191e1901229c8c743bf67a042
- SHA256
  
  9ed9f4d080d71c32f86f8c35727ab2c83ef258bb336d4ce825f26b7adce62201
- SHA512
  
  e8587583aca22497c8c41de2174cf0b53dcaca7c8754f96bc65c9205927698777ce1df88c276929152bd8c7a57156904be7d6dff55f6115248d742391407c660
- SSDEEP
  
  24576:VBQbCdwwRt3PWYbHBs8CL5L6a9DhvhN4IH8qOkVeu:VPRt3PWuBsV6a3v9DOkVeu
Score

10^/10

redline 1112224312 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline1112224312infostealerspyware

behavioral2

redline1112224312infostealerspyware