redline | c212ba48a109bd687a456421a87059d28673e59167fc72016cbf707dd08737a5 | Triage

Sharing

General

Target

c212ba48a109bd687a456421a87059d28673e59167fc7.exe
Size

16.0MB
Sample

231103-yx9knabg98
MD5

91dbace5bc17870685f7f8d87fad9965
SHA1

0436972e0537dfccc282581e05fdd27e55e71266
SHA256

c212ba48a109bd687a456421a87059d28673e59167fc72016cbf707dd08737a5
SHA512

6d806f5d08cd4297847b2c60c2c556e64ea82e3d6b3bee4bacda2d41ffacd16e9639ea3ddc8a4a5771d8eec98d29d5561826bd1cdd7a2dac1b2b3e21ef3dd3c2
SSDEEP

98304:8kUPS8Y0zONU+ic3cQfM2LshEcGYPrYq7+:zyOncQfM2LsiclPz

Score

10^/10

redline livetraffic infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

LiveTraffic

C2

195.10.205.17:8122

Targets

- Target
  
  c212ba48a109bd687a456421a87059d28673e59167fc7.exe
- Size
  
  16.0MB
- MD5
  
  91dbace5bc17870685f7f8d87fad9965
- SHA1
  
  0436972e0537dfccc282581e05fdd27e55e71266
- SHA256
  
  c212ba48a109bd687a456421a87059d28673e59167fc72016cbf707dd08737a5
- SHA512
  
  6d806f5d08cd4297847b2c60c2c556e64ea82e3d6b3bee4bacda2d41ffacd16e9639ea3ddc8a4a5771d8eec98d29d5561826bd1cdd7a2dac1b2b3e21ef3dd3c2
- SSDEEP
  
  98304:8kUPS8Y0zONU+ic3cQfM2LshEcGYPrYq7+:zyOncQfM2LsiclPz
Score

10^/10

redline livetraffic infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelivetrafficinfostealerspyware

behavioral2

redlinelivetrafficinfostealerspyware