redline | 15d2b5c50147f13a6620afcb59ef84fe8d5f59a3ada9fda8a85a7682a10b3f1c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6e95dea307c05e66678aa852e07bec7.bin
Size

1.2MB
Sample

230314-kjelgaed56
MD5

a6e95dea307c05e66678aa852e07bec7
SHA1

e54eda918155800935940eb7028f82439b5235ed
SHA256

15d2b5c50147f13a6620afcb59ef84fe8d5f59a3ada9fda8a85a7682a10b3f1c
SHA512

10f04ba8df2f5a013c99b72ef9b346eeb114cd8c060a51476583ddefc009ba6f2b2af75d8f07dc36f2373b8d63c870599d9661794bb5394632a3c54a70c629c0
SSDEEP

6144:pbokNDSZeQYM59Zv3+XvzB0zqEx+n/AOKpw72G3d7o8WA7jjFaO+O0b8+DZh55:fNDAeQv3vuXAs0I2Go27vh+rBd

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

82.115.223.46:57672

Attributes

auth_value
b6a49478d9dc0448b4da03b685d4e745

Targets

- Target
  
  a6e95dea307c05e66678aa852e07bec7.bin
- Size
  
  1.2MB
- MD5
  
  a6e95dea307c05e66678aa852e07bec7
- SHA1
  
  e54eda918155800935940eb7028f82439b5235ed
- SHA256
  
  15d2b5c50147f13a6620afcb59ef84fe8d5f59a3ada9fda8a85a7682a10b3f1c
- SHA512
  
  10f04ba8df2f5a013c99b72ef9b346eeb114cd8c060a51476583ddefc009ba6f2b2af75d8f07dc36f2373b8d63c870599d9661794bb5394632a3c54a70c629c0
- SSDEEP
  
  6144:pbokNDSZeQYM59Zv3+XvzB0zqEx+n/AOKpw72G3d7o8WA7jjFaO+O0b8+DZh55:fNDAeQv3vuXAs0I2Go27vh+rBd
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware