redline | 04f31ac7f42862112d47923303bca261d074678084e7f84f875d4cbfdabdfc24 | Triage

Sharing

General

Target

Adobe Photoshop 2022 v23.2.2.325.zip
Size

64.7MB
Sample

220530-txjxsabfd9
MD5

8ee4f66531692d1f079f0ca2a7135406
SHA1

9a554c46ce9b0a64dbb2682fe277d10773e12ddf
SHA256

04f31ac7f42862112d47923303bca261d074678084e7f84f875d4cbfdabdfc24
SHA512

2460bc6f7dd9bafe89bbd0a2a034fdd7868f4034254d8df63d05a98c19b409fd05d7d3e2de0e2518c5d4563b2050dfa7e9b9932061b6be9943d58fb971863f8f

Score

10^/10

redline infostealer link pdf spyware

Malware Config

Extracted

Family

redline

C2

194.93.2.28:46378

Attributes

auth_value
97e69692d8403a5aff22422dec2740bd

Targets

- Target
  
  Setup.exe
- Size
  
  2.2MB
- MD5
  
  775e498a631f09987d0e1945c47a01aa
- SHA1
  
  df5de4d57d5ce1ac849940e1c4906ffbc36efb6d
- SHA256
  
  f2fbdc1e852712d8b0a1f6c7090d9fc81694c9604cff9b48900f596431d47158
- SHA512
  
  ccef0c27f1a7c2cfbe791628f841374ce232069fcae97ded44211df91ace6505dc63ba8381bcfcccda586dd611283b35115fcce707780ec31ec5111a9b592885
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware