redline | 3d351537601a0376696275c44081dffd5923f482bbc37b77c8f958d85435e24f | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

639KB
Sample

221117-qsyzcsee33
MD5

757e1bbc3bde4d37d2c063f08d01509e
SHA1

2b8613dd89f08b4a68d9bdc491e52d367b269c6d
SHA256

3d351537601a0376696275c44081dffd5923f482bbc37b77c8f958d85435e24f
SHA512

2af6a8cd3606686dee8923531eb62f73f7398e85acccd25598b67c22fc2a4a6af165070b53a06708ba9aa9b6d4c29d51b6b0a9c3441b3ad6b90ab85508a49fdf
SSDEEP

12288:f/xWqRrxZUvuall74VP0eNBmuPWYpwjP+TByuJ3MuMQ7KnFyC:4qacP0Gpm7uJ7rOFyC

Score

10^/10

redline test1 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline test1 infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline test1 infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

test1

C2

49.12.226.201:6436

Attributes

auth_value
94f35c6d32384a2d7321ca24c9970e4e

Targets

- Target
  
  file.exe
- Size
  
  639KB
- MD5
  
  757e1bbc3bde4d37d2c063f08d01509e
- SHA1
  
  2b8613dd89f08b4a68d9bdc491e52d367b269c6d
- SHA256
  
  3d351537601a0376696275c44081dffd5923f482bbc37b77c8f958d85435e24f
- SHA512
  
  2af6a8cd3606686dee8923531eb62f73f7398e85acccd25598b67c22fc2a4a6af165070b53a06708ba9aa9b6d4c29d51b6b0a9c3441b3ad6b90ab85508a49fdf
- SSDEEP
  
  12288:f/xWqRrxZUvuall74VP0eNBmuPWYpwjP+TByuJ3MuMQ7KnFyC:4qacP0Gpm7uJ7rOFyC
Score

10^/10

redline test1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetest1infostealerspyware

behavioral2

redlinetest1infostealerspyware

© 2018-2024

Terms | Privacy