redline | a41c224334920d8e646928aa0e8472e6f78c0e0cb453cbfa4120a532d0c04df8 | Triage

Resubmissions

29/11/2022, 06:10

221129-gxjwkaff8v 10

Sharing

Copy URL Twitter E-mail

General

Target

Setup.rar
Size

418KB
Sample

221129-gxjwkaff8v
MD5

a70b55e37980177125f04dc21d4cd02d
SHA1

b95550d09e3e6566376a240164a4809f5f9ceaa0
SHA256

a41c224334920d8e646928aa0e8472e6f78c0e0cb453cbfa4120a532d0c04df8
SHA512

7a682e4dcb4ea7a93dbf307afdca7a5c57b0b972fc36687d58ab607c648a9e621e45c4be627c212296cf7d9d602e84059a9697d58ee3e94c4c400ab811cdccdc
SSDEEP

6144:m0dMJxdevMOBJyk0Xq+aALgA2NL+i05pmbUu23UHq3mMg4tqtLGz65X:7nM6wla+ae2NLMLmbLrK3i4Mt+6

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

82.115.223.135:2734

Attributes

auth_value
35a5a35316ce4dde634858c977198002

Targets

- Target
  
  Setup.exe
- Size
  
  715.3MB
- MD5
  
  3060d74c8023d71bc83ef70e31bf9b8b
- SHA1
  
  d5b5c17558a3d034f2e790d2c5de2e982e4fa62a
- SHA256
  
  457fbb8f39cc899ee1814d6e444bfdf197c5d401e31c67bdbe8d4788be0eefd8
- SHA512
  
  ffa849e07b09a7913d69a615b576073bb7cb62009cce5fe87a886f10d93316c3419d2fa92adf7337ce29f4a715ae5fff5a08df47a14194dba91714bb481c5e19
- SSDEEP
  
  12288:qf5zyxD9Sqjor4eJpdORWebZXIhNDz1y31itWQkoLtx8keukjB9dOgVPD77:o5zyXSqjor4eXdOR1f31iIQJx8D9bDf
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  data/ssleay32.dll
- Size
  
  270KB
- MD5
  
  df38eb2002e5979e57babf8b4f6a2f82
- SHA1
  
  219d5837f6461688122d637bf67f041fc6c19aac
- SHA256
  
  5c2f10a772edfbeef8a5261b8677e68c4194cb87f3cb9bc319c8da75cfaefa3f
- SHA512
  
  da4b6ec820f5886102577a7e98187ed45165ee5373504fb4f610cfb47eb2ad6e0b75d868464df4ee8b97f506c2f493a1d3bf029c184c08b311dbc1b76c2a37f6
- SSDEEP
  
  6144:0xnT+R40IInTyFxvYlBtCikIK3gb/VuLXyJxm11VMaorgpa7ivoQXoYwWAaHeeT6:6nKR40IInTyFxvY3tCikIK3gb/VECJxD
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware

behavioral3

behavioral4