redline | 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe
Size

2.8MB
Sample

241001-g6de5svemn
MD5

8f86128dfea02b5f1b28221aa0fbb391
SHA1

ac249d130db76607902fe00c467db5683ef531fd
SHA256

5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe
SHA512

21162185db4bf61c0cf4d8a70cd302b4234cf91c57e113fead69264d30bbd61eb7382d4b9e6b5fa274de6e81beefa062792018700326b87c751597a453fa326d
SSDEEP

49152:wbkzSYl+aFUUhf3LIc3VEarMlonlT3ZGfdPjTV2sJ7CQUmhS:eoLX3VEarXs67

Score

10^/10

redline xx discovery infostealer persistence spyware

Malware Config

Extracted

Family

redline

Botnet

xx

C2

207.246.113.185:46836

Targets

- Target
  
  5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe
- Size
  
  2.8MB
- MD5
  
  8f86128dfea02b5f1b28221aa0fbb391
- SHA1
  
  ac249d130db76607902fe00c467db5683ef531fd
- SHA256
  
  5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe
- SHA512
  
  21162185db4bf61c0cf4d8a70cd302b4234cf91c57e113fead69264d30bbd61eb7382d4b9e6b5fa274de6e81beefa062792018700326b87c751597a453fa326d
- SSDEEP
  
  49152:wbkzSYl+aFUUhf3LIc3VEarMlonlT3ZGfdPjTV2sJ7CQUmhS:eoLX3VEarXs67
Score

10^/10

redline xx discovery infostealer persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinexxdiscoveryinfostealerpersistencespyware

behavioral2

redlinexxdiscoveryinfostealerpersistencespyware