redline | e6695283447e08a992fde58b23bb0e3bcdf8111d69ba3caf96b16869b3c994e6 | Triage

Sharing

General

Target

ad704ae529bf043358e8393838ccea12.exe
Size

282KB
Sample

230102-mghlfsdh64
MD5

ad704ae529bf043358e8393838ccea12
SHA1

b5baed3a38a0eea3a30214821b4e64eb0006fd1f
SHA256

e6695283447e08a992fde58b23bb0e3bcdf8111d69ba3caf96b16869b3c994e6
SHA512

ab12192d56433ac4364401771f3ba17f187af9190c9bc4cacce2b1ccc0da42ed096d7c3936612158ba8f2b351464c8a46e1db78bebc6d9d3baeefe6614ec0052
SSDEEP

3072:MJ4fA8oE7AvZdlCR+zM/rgITMWPYlO4myQ9B0nk0kebT4tAMq/HhMlun5jHMusH:cWA8oEoCRj/rVTF9mnjcA7ZQu54us

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

95.216.252.182:4277

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  ad704ae529bf043358e8393838ccea12.exe
- Size
  
  282KB
- MD5
  
  ad704ae529bf043358e8393838ccea12
- SHA1
  
  b5baed3a38a0eea3a30214821b4e64eb0006fd1f
- SHA256
  
  e6695283447e08a992fde58b23bb0e3bcdf8111d69ba3caf96b16869b3c994e6
- SHA512
  
  ab12192d56433ac4364401771f3ba17f187af9190c9bc4cacce2b1ccc0da42ed096d7c3936612158ba8f2b351464c8a46e1db78bebc6d9d3baeefe6614ec0052
- SSDEEP
  
  3072:MJ4fA8oE7AvZdlCR+zM/rgITMWPYlO4myQ9B0nk0kebT4tAMq/HhMlun5jHMusH:cWA8oEoCRj/rVTF9mnjcA7ZQu54us
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware