redline | 5b17f3ce624fe20d0defb613669d024fb3240cfa5bfe28ae1600a7317442b6bc | Triage

Sharing

General

Target

5b17f3ce624fe20d0defb613669d024fb3240cfa5bfe28ae1600a7317442b6bc
Size

289KB
Sample

230314-fghg5afe5z
MD5

48a2095ad7c50fd26c481afafd97e571
SHA1

c14b3a4d993f3f12889a176b90bc0a8db3059777
SHA256

5b17f3ce624fe20d0defb613669d024fb3240cfa5bfe28ae1600a7317442b6bc
SHA512

42fe0abb84e296d8df8e7e3a6eb04ecc43b7eecfe05ab1e3156ac039b5df5ed51bb1c27daba597ff58f6482f152a7bda5c4ea7be5d92925ff4062da29b8fd5df
SSDEEP

6144:qE+0XQMLyYkIqzE5LpiYGI1P6XHT341ju3bKcIEbd2GPUNfPkikiu7dc+TZjTy79:M0gMyzolkm

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

95.216.251.184:4321

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  5b17f3ce624fe20d0defb613669d024fb3240cfa5bfe28ae1600a7317442b6bc
- Size
  
  289KB
- MD5
  
  48a2095ad7c50fd26c481afafd97e571
- SHA1
  
  c14b3a4d993f3f12889a176b90bc0a8db3059777
- SHA256
  
  5b17f3ce624fe20d0defb613669d024fb3240cfa5bfe28ae1600a7317442b6bc
- SHA512
  
  42fe0abb84e296d8df8e7e3a6eb04ecc43b7eecfe05ab1e3156ac039b5df5ed51bb1c27daba597ff58f6482f152a7bda5c4ea7be5d92925ff4062da29b8fd5df
- SSDEEP
  
  6144:qE+0XQMLyYkIqzE5LpiYGI1P6XHT341ju3bKcIEbd2GPUNfPkikiu7dc+TZjTy79:M0gMyzolkm
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware