redline | 5af62720d9119f381d88dc30ef6e7a71aca7428f4ad54721f1ffa253a1231546 | Triage

Sharing

General

Target

2eb435e7827a8260b08a29a03e4652b6.exe
Size

173KB
Sample

221124-zyv94aaa57
MD5

2eb435e7827a8260b08a29a03e4652b6
SHA1

218f5646d1443f4e46bba7709ba79298ab288328
SHA256

5af62720d9119f381d88dc30ef6e7a71aca7428f4ad54721f1ffa253a1231546
SHA512

510da9fb18b83eeeef3c0f917da3788601ca4fb6f14c0b5e92c1e8574c6ee7ce4817d4454db4e7b18be2725b7636b4d8a8a1a4de2cb500a6d7444d03a5c1d9c7
SSDEEP

3072:VfOoAcE+GtMBCTk7yq0LtE1bUEaehKackNo/6:VfOoI+GtMB1WtE1bdC7kN

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

79.137.192.9:19788

Attributes

auth_value
d7d6e6b0afe836c96a3aee94b2b51dd3

Targets

- Target
  
  2eb435e7827a8260b08a29a03e4652b6.exe
- Size
  
  173KB
- MD5
  
  2eb435e7827a8260b08a29a03e4652b6
- SHA1
  
  218f5646d1443f4e46bba7709ba79298ab288328
- SHA256
  
  5af62720d9119f381d88dc30ef6e7a71aca7428f4ad54721f1ffa253a1231546
- SHA512
  
  510da9fb18b83eeeef3c0f917da3788601ca4fb6f14c0b5e92c1e8574c6ee7ce4817d4454db4e7b18be2725b7636b4d8a8a1a4de2cb500a6d7444d03a5c1d9c7
- SSDEEP
  
  3072:VfOoAcE+GtMBCTk7yq0LtE1bUEaehKackNo/6:VfOoI+GtMB1WtE1bdC7kN
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealer