redline | 577e25a072c7f933832e4d9b73bd806bf77fa56207f3c12384d4bebd03de3d7d | Triage

Sharing

General

Target

2c79be71b6ea9a6c779e8cc2c4a98f39.exe
Size

1.1MB
Sample

230821-jvzkcabf55
MD5

2c79be71b6ea9a6c779e8cc2c4a98f39
SHA1

7790de567649e48b23b400942444c29ccdbcedb2
SHA256

577e25a072c7f933832e4d9b73bd806bf77fa56207f3c12384d4bebd03de3d7d
SHA512

e0b4887b19bb008b10c9463e2bf20d8428ae490c012b14f6a41b7abe49803930e155de1a436952646f3d08ddc63936063e4ea23871d9f35ba096adc6804560bf
SSDEEP

12288:/k7VqU/1/jovUc7PvqoPXaq3Kt/VCzpG5XM+mJI/3eD5+1uYdHp3I6YrNBsPfxLw:/kd1/jg7PvqovaBlM+EIPeEAxihwpz

Score

10^/10

redline test infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

TEST

C2

46.149.77.25:8599

Attributes

auth_value
8bc44a2d180183251d176d7b20ad1f91

Targets

- Target
  
  2c79be71b6ea9a6c779e8cc2c4a98f39.exe
- Size
  
  1.1MB
- MD5
  
  2c79be71b6ea9a6c779e8cc2c4a98f39
- SHA1
  
  7790de567649e48b23b400942444c29ccdbcedb2
- SHA256
  
  577e25a072c7f933832e4d9b73bd806bf77fa56207f3c12384d4bebd03de3d7d
- SHA512
  
  e0b4887b19bb008b10c9463e2bf20d8428ae490c012b14f6a41b7abe49803930e155de1a436952646f3d08ddc63936063e4ea23871d9f35ba096adc6804560bf
- SSDEEP
  
  12288:/k7VqU/1/jovUc7PvqoPXaq3Kt/VCzpG5XM+mJI/3eD5+1uYdHp3I6YrNBsPfxLw:/kd1/jg7PvqovaBlM+EIPeEAxihwpz
Score

10^/10

redline test infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetestinfostealerspyware

behavioral2

redlinetestinfostealerspyware