redline | 796f20fe2e4099f7f252d232873771a4bb4dfc59e19734e07663c4ffa568c66d | Triage

Sharing

General

Target

main.zip
Size

46.2MB
Sample

240709-kdyr6axekd
MD5

4d07e7fcd207e2d796722c43e0c38bc3
SHA1

bcb76b2c87fee686462bbd28e7bc34ad50714437
SHA256

796f20fe2e4099f7f252d232873771a4bb4dfc59e19734e07663c4ffa568c66d
SHA512

a96d1c88f5ed3cc1fddd477e97ed1fd5151831a8bafb43dac01a6b34f0460ddf4c2b8520387c02d09ca2e41441a7c88345fdc808d3f66da79e62d235c4755a5c
SSDEEP

786432:t/CeXh025PCzGfMeDPrFzFuIiOJKr6ryTvBiTI93s4UpR2ogJwi/vUXC7EXANdFh:tq+V5PCzXeLrFpuIie/rEJi+hUR2oJi9

Score

10^/10

redline @nmrzv88 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@nmrzv88

C2

94.228.166.68:80

Targets

- Target
  
  main.exe
- Size
  
  483KB
- MD5
  
  c719207d9274e31ec18ef2223f1e0c5e
- SHA1
  
  03152f0c164407c417ea0c60b375c18ec4a29aad
- SHA256
  
  01902b29e0b5f508f8e8e8f66ee1aff5d7cfc2ab48764d3080aad42a34c337ae
- SHA512
  
  547b584e45b6f362558e297221a0f2d67bbe2629a2461d6a216832aa4e716ad712b7e6dce97bbf321020fbbfe0c22d753865bf12badc46e1190707d7a89085d9
- SSDEEP
  
  12288:MBcF6NbhZbQHV6KuW0LEE3XNe12fu/vzA2nb2F8eO/BFlte8M8Mvsv4C9IhLHKvk:cU6NviR
Score

10^/10

redline @nmrzv88 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@nmrzv88infostealerspyware