redline | 8ac294da2b5fed0f7d472c1085839526e554f0fcb61dee906db7d3a7e614274a | Triage

Sharing

General

Target

8ac294da2b5fed0f7d472c1085839526e554f0fcb61dee906db7d3a7e614274aN.exe
Size

6KB
Sample

241202-k1jxhsykg1
MD5

699f560ef94b40660358d8266df4ece0
SHA1

91c9c7c8081f3744482e1c91e461b9801dd9fb8c
SHA256

8ac294da2b5fed0f7d472c1085839526e554f0fcb61dee906db7d3a7e614274a
SHA512

68f91d686d5aedc506540c925ed83157e88c1527c672350cb42ca959af30d0b7a250138a2297bb7e247cf1bb0b59b119bc0a59406b1c6c13761a2527cb2aa3b1
SSDEEP

96:cDD5/TKf21gKbv5z+jLkG5wFDnLj7K9K8OHPl5TzNt:E5/TgSzKLkGWRnH7KTOHt51

Score

10^/10

redline cheat discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

41.216.183.218:1912

Targets

- Target
  
  8ac294da2b5fed0f7d472c1085839526e554f0fcb61dee906db7d3a7e614274aN.exe
- Size
  
  6KB
- MD5
  
  699f560ef94b40660358d8266df4ece0
- SHA1
  
  91c9c7c8081f3744482e1c91e461b9801dd9fb8c
- SHA256
  
  8ac294da2b5fed0f7d472c1085839526e554f0fcb61dee906db7d3a7e614274a
- SHA512
  
  68f91d686d5aedc506540c925ed83157e88c1527c672350cb42ca959af30d0b7a250138a2297bb7e247cf1bb0b59b119bc0a59406b1c6c13761a2527cb2aa3b1
- SSDEEP
  
  96:cDD5/TKf21gKbv5z+jLkG5wFDnLj7K9K8OHPl5TzNt:E5/TgSzKLkGWRnH7KTOHt51
Score

10^/10

discovery redline cheat infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinecheatdiscoveryinfostealerspywarestealer