redline | 2736d7aa6bb8920eca1cb9243074c672e1b45f3c76eabb1cf9034e26bf369e2e | Triage

Sharing

General

Target

2736d7aa6bb8920eca1cb9243074c672e1b45f3c76eabb1cf9034e26bf369e2e
Size

2.4MB
Sample

221101-kqz6raager
MD5

39a15d2f551dff7f271992e969039c34
SHA1

f25dd1ecaf70056824c9492649aec3f62922a3d4
SHA256

2736d7aa6bb8920eca1cb9243074c672e1b45f3c76eabb1cf9034e26bf369e2e
SHA512

7227ca28af30d2d8810a04e879085ac3f6a9e9543cef4c657f6800bd4519fedb4bcd89537ad6c2cf59d7a5f263c01a4abdbf4777dcb0b23268ee04002aae4d52
SSDEEP

24576:JWi4Xa3YGYwjCulMXR2lu7lOc0s0SNyosrHMLaSQ/l3RuQ55313l:JWiloESN9srHM2Vl37

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

185.106.92.8:38644

Attributes

auth_value
5a3b7c376468ea67b452b4925be5f1f2

Targets

- Target
  
  2736d7aa6bb8920eca1cb9243074c672e1b45f3c76eabb1cf9034e26bf369e2e
- Size
  
  2.4MB
- MD5
  
  39a15d2f551dff7f271992e969039c34
- SHA1
  
  f25dd1ecaf70056824c9492649aec3f62922a3d4
- SHA256
  
  2736d7aa6bb8920eca1cb9243074c672e1b45f3c76eabb1cf9034e26bf369e2e
- SHA512
  
  7227ca28af30d2d8810a04e879085ac3f6a9e9543cef4c657f6800bd4519fedb4bcd89537ad6c2cf59d7a5f263c01a4abdbf4777dcb0b23268ee04002aae4d52
- SSDEEP
  
  24576:JWi4Xa3YGYwjCulMXR2lu7lOc0s0SNyosrHMLaSQ/l3RuQ55313l:JWiloESN9srHM2Vl37
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware