redline | e0540c2e77506c5a91a9d043b8f561f9aecdd5cb0c772b1d3edd442a65bcedd1 | Triage

Sharing

General

Target

tmp
Size

405KB
Sample

230917-zdwecsfb66
MD5

abc7ed1ad98e6e544197bc267acddeda
SHA1

304692fe1361b80ba0a9e7f045096dd8c5e5b715
SHA256

e0540c2e77506c5a91a9d043b8f561f9aecdd5cb0c772b1d3edd442a65bcedd1
SHA512

91f2715d3039682913c86fb213f183f17a3edb67b892b0230742e843252a86379a317ded9cdcf740f48312d89a09232fb326894f34d2b5e1f6334be49c1876ed
SSDEEP

6144:mFLpmE9POTt+wqWbiC+9DAOI6QSgUbb/28YEZTSDcHXto7U/V645RFGAF2pqJg8f:mNQE9GTcN5dNbF+cH96U/d5R0cg8f

Score

10^/10

redline @black_santa21 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@Black_Santa21

C2

94.142.138.4:80

Attributes

auth_value
5a06838de858adf9064d7d2c59f0d1f6

Targets

- Target
  
  tmp
- Size
  
  405KB
- MD5
  
  abc7ed1ad98e6e544197bc267acddeda
- SHA1
  
  304692fe1361b80ba0a9e7f045096dd8c5e5b715
- SHA256
  
  e0540c2e77506c5a91a9d043b8f561f9aecdd5cb0c772b1d3edd442a65bcedd1
- SHA512
  
  91f2715d3039682913c86fb213f183f17a3edb67b892b0230742e843252a86379a317ded9cdcf740f48312d89a09232fb326894f34d2b5e1f6334be49c1876ed
- SSDEEP
  
  6144:mFLpmE9POTt+wqWbiC+9DAOI6QSgUbb/28YEZTSDcHXto7U/V645RFGAF2pqJg8f:mNQE9GTcN5dNbF+cH96U/d5R0cg8f
Score

10^/10

redline @black_santa21 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@black_santa21infostealerspyware

behavioral2

redline@black_santa21infostealerspyware