redline | 877295a024136906d601c165783186d49b1d175b81a6caa99851eee3e35486c8 | Triage

Sharing

General

Target

3f5bb3fc080ece9c6f87004c4f0b052a.bin
Size

316KB
Sample

230831-bqnchscb66
MD5

239993c4d03a484f72cd9273f58073e6
SHA1

dd19f1f05c7a495b0fbab5d49be3566de78313d8
SHA256

877295a024136906d601c165783186d49b1d175b81a6caa99851eee3e35486c8
SHA512

0d5c9b9bbeba115a568354ceeba28f813d7ad91bea7886dd7419df4aa30a3fdbc8554a2fa9e6221e819a1fed709f7f77315a3d9363c46db8b82b1e0e6a7c57cb
SSDEEP

6144:uFyx4iKJ+FWIZPQZrIK2/DePLGyTfLH0sVAojOSEOcKrT5yNGPvcBQXVy:uJnBZUKHLGMzUiA2Oud08I

Score

10^/10

redline 1149276168_99 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1149276168_99

C2

https://pastebin.com/raw/8baCJyMF

Targets

- Target
  
  e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0.exe
- Size
  
  482KB
- MD5
  
  3f5bb3fc080ece9c6f87004c4f0b052a
- SHA1
  
  286da433d2ab965c7ac94a9ab8838ed74c5e5ee3
- SHA256
  
  e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0
- SHA512
  
  3dc0489ced9d15d485d0bf3a2c007841238691705e73e1d8a0549ec09e2b9e66488d953207c81cfea2ba1171d61a512a10c3f2bada8c5febdf2155f0c6c792a3
- SSDEEP
  
  12288:qubsNSOetfARQAPyGUfT+tkrhWJNOnMv77:qubsnafAPyjZrgnv77
Score

10^/10

redline 1149276168_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline1149276168_99infostealerspyware

behavioral2

redline1149276168_99infostealerspyware