redline | 4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e | Triage

Sharing

General

Target

4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
Size

251KB
Sample

230215-v6awxacg9s
MD5

a964af3c28ddb8261c7fcb4a2c32bca9
SHA1

9183e0d998b16edcef55c12d28386a1ee657de7b
SHA256

4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
SHA512

ea3e91dbfbe38a234a8d7957f7854e68377b8db1b181a0e9064b050403345c64a333bd41f702187be88a6e05bc991e0b59e34813f44acd219c88aafb931d1466
SSDEEP

6144:zaAELcw3oMjkYvQUbsKidemEt9cr+cOz+8nWIYT+H0iF47wO:zaAELcw3oMjkYvQUbs9dcI+cOw7T+Hbu

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

95.217.146.176:4287

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
- Size
  
  251KB
- MD5
  
  a964af3c28ddb8261c7fcb4a2c32bca9
- SHA1
  
  9183e0d998b16edcef55c12d28386a1ee657de7b
- SHA256
  
  4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
- SHA512
  
  ea3e91dbfbe38a234a8d7957f7854e68377b8db1b181a0e9064b050403345c64a333bd41f702187be88a6e05bc991e0b59e34813f44acd219c88aafb931d1466
- SSDEEP
  
  6144:zaAELcw3oMjkYvQUbsKidemEt9cr+cOz+8nWIYT+H0iF47wO:zaAELcw3oMjkYvQUbs9dcI+cOw7T+Hbu
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware