redline

General

Target

Impulse.exe
Size

243KB
Sample

230114-wr2azsfd4t
MD5

3ec84ba5702734f2437bc253031d956f
SHA1

3e8d961af62a30750c4aa7e60ed1b1a75201ab82
SHA256

1e2085bb3e6b9e2daf2b4e72a376aa135e8b56c565ce9f5d62cb0744f4b1870f
SHA512

227e5e70bb7954c1654b550c8ec79bccc39cc6d2faccc730e28a23a35e7719d8b2a2a5187697b445355d803d5866c01add9657f62d7b1b670119c19e3d7390e0
SSDEEP

6144:pPg0X7R2qaFlWfBo+lguIHqyYkn9jCcaREeF0Kjprewfg:p7R2Z/kBo9qyb9jCcaRE+fg

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

6impuls

C2

167.235.233.35:16621

Attributes

auth_value
339578445a7d0df5895e9a1a8d4f16cb

Targets

- Target
  
  Impulse.exe
- Size
  
  243KB
- MD5
  
  3ec84ba5702734f2437bc253031d956f
- SHA1
  
  3e8d961af62a30750c4aa7e60ed1b1a75201ab82
- SHA256
  
  1e2085bb3e6b9e2daf2b4e72a376aa135e8b56c565ce9f5d62cb0744f4b1870f
- SHA512
  
  227e5e70bb7954c1654b550c8ec79bccc39cc6d2faccc730e28a23a35e7719d8b2a2a5187697b445355d803d5866c01add9657f62d7b1b670119c19e3d7390e0
- SSDEEP
  
  6144:pPg0X7R2qaFlWfBo+lguIHqyYkn9jCcaREeF0Kjprewfg:p7R2Z/kBo9qyb9jCcaRE+fg
Score

10^/10

redline 6impuls discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2