redline | 513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708
Size

347KB
Sample

221109-21b1cachc9
MD5

b3e1efe59092fb2faece0b262e6bad4a
SHA1

44400848df05d59fa64549a6f07ded31ca1f3cce
SHA256

513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708
SHA512

6c6c469ebfd5eefabf9c60d3c4f48f20d5bee2fb1dc91ffe38930a43c91d8ce9198b8512c48a89d0ce1acf20edb84f4fc42c0efb9f560bce8c66f875825d4cc7
SSDEEP

6144:XCn591vv3O4WKk7xaoJ5E0npYLaBPiOpAOeSUL:k591vGxad+7BPzpnc

Score

10^/10

redline test1 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708.exe

Resource

win7-20220812-en

redline test1 infostealer spyware

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708.exe

Resource

win10-20220812-en

redline test1 infostealer spyware

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

Test1

C2

45.15.156.48:8285

Attributes

auth_value
3ec6815aabd0bab316e997c1c7898294

Targets

- Target
  
  513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708
- Size
  
  347KB
- MD5
  
  b3e1efe59092fb2faece0b262e6bad4a
- SHA1
  
  44400848df05d59fa64549a6f07ded31ca1f3cce
- SHA256
  
  513de1ec55d1794ee00f2d5fd8873e8dc0d848bf65d44e4b542170f50415d708
- SHA512
  
  6c6c469ebfd5eefabf9c60d3c4f48f20d5bee2fb1dc91ffe38930a43c91d8ce9198b8512c48a89d0ce1acf20edb84f4fc42c0efb9f560bce8c66f875825d4cc7
- SSDEEP
  
  6144:XCn591vv3O4WKk7xaoJ5E0npYLaBPiOpAOeSUL:k591vGxad+7BPzpnc
Score

10^/10

redline test1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetest1infostealerspyware

behavioral2

redlinetest1infostealerspyware

© 2018-2024

Terms | Privacy