redline | 5be845902145831466d3b710541d2c5a53cfc50108126c8802b48226e89e1887 | Triage

Submit
Reports

Overview

overview

Static

static

CD2436F1CE...7F.exe

windows7-x64

CD2436F1CE...7F.exe

windows10-2004-x64

Sharing

General

Target

CD2436F1CEC484076BE83744B0D4E87F.fil
Size

2.4MB
Sample

220830-wtgdlacfhk
MD5

cd2436f1cec484076be83744b0d4e87f
SHA1

425319f0e8add17e8f430087ba590190dfbf5250
SHA256

5be845902145831466d3b710541d2c5a53cfc50108126c8802b48226e89e1887
SHA512

b465013ef79f6d16dae386c5b05995b3e95167bfdc49363b93679f33e5c46686edf30ce921c6e60aa62526e2c36bf7f529f217a18c496002e028d90306fd9ab1
SSDEEP

24576:pE+5OCYAY49zG/F2Mgeo6erV6X16+vHJrQdPFc3w5TTGgLNMuKbl3RuQ55313b:pN59R8vHJitc3w5TTGgpCl3N

Score

10^/10

redline @forceddd_lzt infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

CD2436F1CEC484076BE83744B0D4E87F.exe

Resource

win7-20220812-en

redline @forceddd_lzt infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

CD2436F1CEC484076BE83744B0D4E87F.exe

Resource

win10v2004-20220812-en

redline @forceddd_lzt infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes

auth_value
91ffc3d776bc56b5c410d1adf5648512

Targets

- Target
  
  CD2436F1CEC484076BE83744B0D4E87F.fil
- Size
  
  2.4MB
- MD5
  
  cd2436f1cec484076be83744b0d4e87f
- SHA1
  
  425319f0e8add17e8f430087ba590190dfbf5250
- SHA256
  
  5be845902145831466d3b710541d2c5a53cfc50108126c8802b48226e89e1887
- SHA512
  
  b465013ef79f6d16dae386c5b05995b3e95167bfdc49363b93679f33e5c46686edf30ce921c6e60aa62526e2c36bf7f529f217a18c496002e028d90306fd9ab1
- SSDEEP
  
  24576:pE+5OCYAY49zG/F2Mgeo6erV6X16+vHJrQdPFc3w5TTGgLNMuKbl3RuQ55313b:pN59R8vHJitc3w5TTGgpCl3N
Score

10^/10

redline @forceddd_lzt infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@forceddd_lztinfostealerspyware

behavioral2

redline@forceddd_lztinfostealerspyware

© 2018-2024

Terms | Privacy