redline | a0224249bba012dbeced74e6e79e7f328f0619aaab417c1d21fe795dcbee3d66 | Triage

Sharing

General

Target

inject.zip
Size

334KB
Sample

230211-ysawjagh98
MD5

57687c6490fd4dff74785936efb582fa
SHA1

d36c8de8e9807b49ca9c55eaa53c6b7a35aa436e
SHA256

a0224249bba012dbeced74e6e79e7f328f0619aaab417c1d21fe795dcbee3d66
SHA512

a15b93b2478f13e3543357b9dedacbbfaf93ffa4077945f908a949be59a473b9e8cd99c8df5092591839727ab23072b0ac8e9a7e9905db51c9a71171a19ae525
SSDEEP

6144:R2pWagLRk18+8fW23vclpCRBgL+hn7iGUwRzL2V3jFZ4KEMZi:R2pgC18NW23wpCQLsJ32V3jFZ4KEz

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

82.115.223.46:57672

Attributes

auth_value
0b419e4e1ec3f5b460f1ca0a8cbe4916

Targets

- Target
  
  inject/loader.exe
- Size
  
  2.5MB
- MD5
  
  dd395bc1d5cd54dedca7d49ce67c1e86
- SHA1
  
  06a0c7fbbf0a371cfa33dba7dc43dc99633cb426
- SHA256
  
  2d7d8424f6c2664edc9f09504950732cfcb25271cda56b6dc4804e159eba2c29
- SHA512
  
  56b41adce07ab6041bf9dedd2e549c65151bca48cbe6b5a06c70bb256d954a947a71c3e37e6ffe2cc6782e9170ce7374c8709a95bf2b7ab03a64626902ffedce
- SSDEEP
  
  6144:c3x2qt7guV4/dm74iqu4X3q08AO7l2D1F9cghcwpCbmsLjSrvSAfa8ka:c4qt7guV4NGHs17cgodjSreC
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware