redline | add6e9827625e6d09da7b134b34bfd0bc52d3c2a23e3efdefebd50319899a007 | Triage

Sharing

General

Target

b489f856fc6221a0d54175e5a8317f16.exe
Size

425KB
Sample

210607-s16pdqb16s
MD5

b489f856fc6221a0d54175e5a8317f16
SHA1

4720dae7e0159f8384c216b385d341d1daed05a3
SHA256

add6e9827625e6d09da7b134b34bfd0bc52d3c2a23e3efdefebd50319899a007
SHA512

ce21ebb45166752fafafc1400a83a7175dbdf505711b44b84c2430121ae60c6f14dd487adb2d4473eda69366195feef165719171cd4b7d3b295a310557c07341

Score

10^/10

redline sel5 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

SEL5

C2

157.90.251.148:53294

Targets

- Target
  
  b489f856fc6221a0d54175e5a8317f16.exe
- Size
  
  425KB
- MD5
  
  b489f856fc6221a0d54175e5a8317f16
- SHA1
  
  4720dae7e0159f8384c216b385d341d1daed05a3
- SHA256
  
  add6e9827625e6d09da7b134b34bfd0bc52d3c2a23e3efdefebd50319899a007
- SHA512
  
  ce21ebb45166752fafafc1400a83a7175dbdf505711b44b84c2430121ae60c6f14dd487adb2d4473eda69366195feef165719171cd4b7d3b295a310557c07341
Score

10^/10

redline sel5 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesel5infostealerspyware

behavioral2

redlinesel5infostealerspyware