redline | 16bb1d23e00dd0aea90fde15ef55fa5f1a0fff13bf4ef27724fb13f248808eaf | Triage

Sharing

General

Target

Installer.rar.1
Size

822KB
Sample

230103-x8c56acf46
MD5

3984c02ac3c30abe2523570b4afacbfc
SHA1

25787eecd5483d30e22397e36f2e9d611ce437fa
SHA256

16bb1d23e00dd0aea90fde15ef55fa5f1a0fff13bf4ef27724fb13f248808eaf
SHA512

f5185bf5e1b8708da93fe8697adae46ffb31e4cc998a73c507ed94f694cac2aafe59a66c5aad31e1ed7db94a814b44b210b24c1d2ffca8fe0a2dc5313fb0c793
SSDEEP

24576:TTeRiAztYIKjbXIXRoH6AEnFgefgXYbYR:fJAxfKjTIXaaJ8GQ

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

185.215.113.69:15544

Attributes

auth_value
ee60c5c11edefc0ad32b9374f9b8950e

Targets

- Target
  
  Installer/DirectX2D.dll
- Size
  
  74KB
- MD5
  
  8007e86641d16e884bf59012f5ba6e21
- SHA1
  
  6ef0792bb5262bdd890ec0547cc4b882f1ec732c
- SHA256
  
  71c6dc21f24ac87f16a0ecac17bb2fa135962af2df7c8dae8e2e3cd669ddde8d
- SHA512
  
  3bedd9c7786eb882bc1b2225e8bff51447cf7a8de541757a49f2390212025662cc4b9b3afa225d5732f8f48e5dedc82346fd4d88bb4df4b33fbefbfb56179c2a
- SSDEEP
  
  1536:N9rxMjLwEdysf5Oxcb7+9CTSj5vcvwLQb5kk9khkgxDg9nHxLghp:swE1cu7+9CTW5UvkQbeLxDgFk
Score

1^/10
behavioral1 behavioral2
- Target
  
  Installer/Serilog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral3 behavioral4
- Target
  
  Installer/Setuр.exe
- Size
  
  791KB
- MD5
  
  18c79110d5fd58e421e2bb14a84e6311
- SHA1
  
  083bb88afedd6c89f903b1281acc7dd937da2f33
- SHA256
  
  b955ea39dcfbf3d23ea2ae907c4bfd9b7b606c812d7acc740c8a76fcb8038212
- SHA512
  
  645f5d1856a8c077ca136c7968a2d093277a4594656d4cb67563cee084e4e639cc6c79eef8f75d1d6530c64ed2bf6f8ba05bdce492bf756cb39799fd2e7f65f5
- SSDEEP
  
  24576:V0lFYoq77FED1/LTeXGVFkzncassocPoU:IFf+6DNiAassbPoU
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Installer/archivelog.dll
- Size
  
  49KB
- MD5
  
  11eb138db53f5896f3cf95144d04132a
- SHA1
  
  204fd914b84630366c3a656254f39a99a884d8d4
- SHA256
  
  f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8
- SHA512
  
  da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5
- SSDEEP
  
  1536:Pyl9DERHUxDiJrVPpO+KeH8Ie1sGvLq4WMn:Kl9DGHUxDiJrRcIcsYV
Score

1^/10
behavioral7 behavioral8
- Target
  
  Installer/d2patch.dll
- Size
  
  976KB
- MD5
  
  b6dde6f8a1b88fe4aae962064a6f5271
- SHA1
  
  177543d5128191e4eabeabd4e99041ff4d193652
- SHA256
  
  a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
- SHA512
  
  8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
- SSDEEP
  
  24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

redlineinfostealerspyware

behavioral6

redlineinfostealerspyware

behavioral7

behavioral8

behavioral9

behavioral10