redline | f8098003a6d90fa040fc63ca84dff018a12e4dbeec2c7076c92397b49541c2c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

065753f740a0b465cefbf65f1a1716a8.bin
Size

381KB
Sample

230823-bc2yraab9z
MD5

1b3b642d19ce2ba4aa6e2104e8dc631c
SHA1

e7e0ca98262634314617454eed34e95c357e67de
SHA256

f8098003a6d90fa040fc63ca84dff018a12e4dbeec2c7076c92397b49541c2c7
SHA512

57fb87e094a142ca54b36d0a4747a505fce1ab6597363c574d474d2c503efa7307856597188f0f36f7e3ee0f490cfa1a73b0b76dc83e9b89f6c05b759b570e66
SSDEEP

6144:2J5RvE9GahnCGgmfsp4yVuPm2MWatJepRC5r8sgCrpY0o4MjWioAXpsTXJeH/:y3vnfmfsp4knYKrHrp3JRBoAAH/

Score

10^/10

redline test infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

TEST

C2

46.149.77.25:8599

Attributes

auth_value
8bc44a2d180183251d176d7b20ad1f91

Targets

- Target
  
  3905c987a1acfcd789a7e9ac5e66d4445abf120fc1a7b81fb77e9444182d316c.exe
- Size
  
  1.1MB
- MD5
  
  065753f740a0b465cefbf65f1a1716a8
- SHA1
  
  8d91143b08904bd62f306154af2c26a713034ae2
- SHA256
  
  3905c987a1acfcd789a7e9ac5e66d4445abf120fc1a7b81fb77e9444182d316c
- SHA512
  
  0451012310ecbc7524e04463bd5dcfe71c818b2f76f3b686807140129f1f6e6f0730574c3216b33f3f19e8095af86e8d655be6fc16c94ee4b5df6b754fefdc6c
- SSDEEP
  
  24576:tP31/j4b9vK4XWNlM+MAPuh15yZbQzIEMFwpz0:tPSb9vK4sEA815yZbQzIElS
Score

10^/10

redline test infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetestinfostealerspyware

behavioral2

redlinetestinfostealerspyware