redline | f34b0225bb66e46f6bb28fa9f1452cd2051adb3e7d2ff8a7f706668648d6a9d5 | Triage

Sharing

General

Target

Notepad.zip
Size

7.7MB
Sample

221003-q5d5qahhhn
MD5

ccde406f06d26064ae64dc23ae833181
SHA1

8a7dc46ce56ceb552038890550deb8bbd72b25ba
SHA256

f34b0225bb66e46f6bb28fa9f1452cd2051adb3e7d2ff8a7f706668648d6a9d5
SHA512

9c748b08d9ded37cfd38e269f10152793acdffaa06199fb394f4eb90133aa13ea5ee9446cbdb61e898386aed1272ef6b6443455a81f52cf36fff1310b0bdf191
SSDEEP

196608:ilhMTTbQR8RSrem1qKokqJoGJE/sxn/z70+nySHZ:ilhITUwSamU6qJAg/z70MRZ

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

38.91.100.58:17559

Attributes

auth_value
086df97ad30d1e62a2783489b368b7f8

Targets

- Target
  
  Notepad++/Notepad++ Setup.exe
- Size
  
  711.5MB
- MD5
  
  b76e7e5d2effd07d23402ec56dc111af
- SHA1
  
  7a8442394ea4368f32d3d987ce05e0b3d9ad7d29
- SHA256
  
  9dfded7ae70d386c01746f3baf5fcffc37217cc037062b066a87150c0fbfec8b
- SHA512
  
  a72e3dfa82c176517806b97be514e0b4ac8593a8526218fc7af88d7866e3f26a0f93cc66b6d2fdc0ff111c11aebd149b6af16a8fa8086df8b1334885ad9ca583
- SSDEEP
  
  196608:zlJIFi6xKJYmp2E2cGx4jg9hv+E/1g+G:hJIZKimA4Gyj+vvc
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Notepad++/include/ECM_Quickstart_DEU.pdf
- Size
  
  268KB
- MD5
  
  e2503ab3cddcafb71544c30541013449
- SHA1
  
  629fb2445e4e769beeb18fe8128b246cb5b49bf3
- SHA256
  
  504d66c29bcc5e9715b6360166794e12c1b92f3095befd92b2c8b0c7fba9e3ef
- SHA512
  
  14eb36ff64ad83a86fe7b1977455aa32d7f633ac50aa425081d8851a695d9ab69246c1b718e98b7a87247a0add4987e27bbd9808d5bbbcbfc4befa5ed4501b66
- SSDEEP
  
  3072:4JB3ZF+FsjtuZrd9AkcarIhZ624j0/xp5776TN0Umk3VdYxss981s3qNOddeCFRI:0ZFbIxd9sPj6FA/xr2TzdYxsvuFTWap4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware

behavioral3

behavioral4