redline | 025c50dc386c2be79d51d68465d02c97887696b9308af622b169cc51f6c55aa4 | Triage

Sharing

General

Target

602a4ddfabfe7c1b5fa31290e5295a89.bin
Size

124KB
Sample

240705-cb94easbpe
MD5

23d5e75f49c5e3d3d78a77f34e318bd5
SHA1

fd25302a55348cec9a74182f0d93e1c3ceddba90
SHA256

025c50dc386c2be79d51d68465d02c97887696b9308af622b169cc51f6c55aa4
SHA512

a5cd8d24c541b6983fc9507cda3760faa1215c1fcf3f5cae817e0970d5b87f95662202808fb4ffb5e119a9e0b0a1df08783a49e5ac2ba058d9f535965d4aae4f
SSDEEP

3072:lr3IFZ5RdITmom1Q4DvPJGISUGJ3K+157Z9E3zAMn8Uq:lr3AcpgbPBvGJ3Km7Z9EjAonq

Score

10^/10

redline foz infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

foz

C2

79.110.62.16:1912

Targets

- Target
  
  364e1e1ec53644f83d25bc6457b64f5517c3ae19cf17cc725c91fd3faeba17ba.exe
- Size
  
  648KB
- MD5
  
  602a4ddfabfe7c1b5fa31290e5295a89
- SHA1
  
  faf33c2b48f6f4f9f6937cbd63655bcd7072677a
- SHA256
  
  364e1e1ec53644f83d25bc6457b64f5517c3ae19cf17cc725c91fd3faeba17ba
- SHA512
  
  8a18dd7501e9a509558f858ac684dd5030aff62a073f6307de4d4d27c0a6b39d824f637c7305c648cab23ad68d54a6eb8b62d23e667c3f04c01641e22ca56ad1
- SSDEEP
  
  6144:YgZCAQw89v2xG/o58ZsyW0YRpM8q94nhOc8mf4H444l:SAu8OWe8q9wOcr4H444l
Score

10^/10

redline foz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefozinfostealerspyware

behavioral2

redlinefozinfostealerspyware