redline | ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238 | Triage

Sharing

General

Target

ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
Size

260KB
Sample

230206-17ppcagb55
MD5

5d8f1243dce027bc2aba017ab5cf94b1
SHA1

6248d602631b088c598f458ae7f28fdd0c937574
SHA256

ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
SHA512

f3d8a8bfaca6448bee4a662494694f386b26ca2399a7a593f062ffc4e0e5c2dae88b96730323c43ddb5b94d59381c13df7db4d542bd907359020714fac073004
SSDEEP

3072:MPs3ojNeRHmbT7j755lonGJvOueqO/XDA3hDDJ5fCiTQn2AsuLxGjJltSA+iY:MkojWHUTPjVlOPDA3hDDJ5fCTAhY

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

95.217.146.176:4285

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
- Size
  
  260KB
- MD5
  
  5d8f1243dce027bc2aba017ab5cf94b1
- SHA1
  
  6248d602631b088c598f458ae7f28fdd0c937574
- SHA256
  
  ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
- SHA512
  
  f3d8a8bfaca6448bee4a662494694f386b26ca2399a7a593f062ffc4e0e5c2dae88b96730323c43ddb5b94d59381c13df7db4d542bd907359020714fac073004
- SSDEEP
  
  3072:MPs3ojNeRHmbT7j755lonGJvOueqO/XDA3hDDJ5fCiTQn2AsuLxGjJltSA+iY:MkojWHUTPjVlOPDA3hDDJ5fCTAhY
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware