redline | 7c21f688089226d4e1de7023c94b5b8a8ef8a8a5599007bbd659590f2c282c82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c21f688089226d4e1de7023c94b5b8a8ef8a8a5599007bbd659590f2c282c82_JC.exe
Size

393KB
Sample

231012-snf9vsfg71
MD5

ca0acae581f1f0d0051c75c50e0e8fed
SHA1

5e7d4cf151ebc4270cafb59515865b9b1e949805
SHA256

7c21f688089226d4e1de7023c94b5b8a8ef8a8a5599007bbd659590f2c282c82
SHA512

238e0955cddd5bfba94e2f01d7d7a27d5d7e661b867aab243be67c129e8b470f809d4b52f08d09704135b10a85768eba6150b2d5b3d94cce1fa9d6566b7a4f88
SSDEEP

12288:JeFzZtT78Tiym0cIWLZs9FXu/uSwNh8Ey:gZt/1uSwNhZ

Score

10^/10

redline @nomadmaker infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@nomadmaker

C2

94.142.138.4:80

Attributes

auth_value
22574d786aa3ef72456952a316e97568

Targets

- Target
  
  7c21f688089226d4e1de7023c94b5b8a8ef8a8a5599007bbd659590f2c282c82_JC.exe
- Size
  
  393KB
- MD5
  
  ca0acae581f1f0d0051c75c50e0e8fed
- SHA1
  
  5e7d4cf151ebc4270cafb59515865b9b1e949805
- SHA256
  
  7c21f688089226d4e1de7023c94b5b8a8ef8a8a5599007bbd659590f2c282c82
- SHA512
  
  238e0955cddd5bfba94e2f01d7d7a27d5d7e661b867aab243be67c129e8b470f809d4b52f08d09704135b10a85768eba6150b2d5b3d94cce1fa9d6566b7a4f88
- SSDEEP
  
  12288:JeFzZtT78Tiym0cIWLZs9FXu/uSwNh8Ey:gZt/1uSwNhZ
Score

10^/10

redline @nomadmaker infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@nomadmakerinfostealerspyware

behavioral2

redline@nomadmakerinfostealerspyware