redline | 17f19a2958e9255a23696986a35c6c062b679b58c30240e15da1558c8e361e8d | Triage

Sharing

General

Target

Install.zip
Size

7.3MB
Sample

230808-p9y51scf27
MD5

bd56859178267afe96ea741fad195150
SHA1

1e1efe99304ed4bc22df3625760cadcf7ebf25ed
SHA256

17f19a2958e9255a23696986a35c6c062b679b58c30240e15da1558c8e361e8d
SHA512

d8a477a49ee938223e8225253ca8f76a9491157d583e1c49749224185a8de12240bd1efde3462ce5990ef8c9b2818d72a69e77a7d1a3053d35e7f4f22541071a
SSDEEP

196608:93U/QapXzMUTj9D66MJ6X3IW5ZSItazt1z3J19e:93ROjMexDm6XYWRsXz3J19e

Score

10^/10

redline @ffffffffffbbbbb infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@ffffffffffbbbbb

C2

94.142.138.4:80

Attributes

auth_value
3d2760617942bd3bd74e9a04f475a370

Targets

- Target
  
  Install/Kammi.exe
- Size
  
  1.0MB
- MD5
  
  5f5f589fc09c323e66bdb7c8b7cc0b27
- SHA1
  
  5757c6bfbd8b0e6cd8ca98706624b983307d3936
- SHA256
  
  387a2b8413c81fc7068a4cc2be5bb42d87fb68ece3596b453226bb820cbad9ed
- SHA512
  
  105dd621d3010730dcf89487acef41405c96b068876f7022203d465fdb69b6e1d8b5cbbfb43e307c655f1b4cfed98c1426ca903c1f907cd14c160e5c2c5db059
- SSDEEP
  
  12288:W1TThs7COB7k4Rl6nHKHLhGTMP1kLQV8RKg6Pkqqo/Wtq12XniKg9EJ3fCTtuzBw:0nhs7CW7k4RlJmqbMg9EJqTTJGEh
Score

10^/10

redline @ffffffffffbbbbb infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@ffffffffffbbbbbinfostealerspyware

behavioral2

redline@ffffffffffbbbbbinfostealerspyware