redline | 00d8a59d88d38da9e84ed601706d63eb173c56d3bbc97b8ff637339eb1b5d4c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00d8a59d88d38da9e84ed601706d63eb173c56d3bbc97b8ff637339eb1b5d4c8
Size

258KB
Sample

230326-fejbmshe3v
MD5

b9071138b64a56ccd4eb35067b31b9c6
SHA1

8be418ade42ab80a5a937e26369ee01409ef2c78
SHA256

00d8a59d88d38da9e84ed601706d63eb173c56d3bbc97b8ff637339eb1b5d4c8
SHA512

cb0813ffaf9f0a2e121754bb1698a509e353621e48fc385def83ff152a84a5efaaa6c316077877e96c49cb582660c9f1c4beef29e0c564dd363fa51cd4833602
SSDEEP

3072:mRH8hj47OqtyC3Iv+7MRd/QlH0lzgi4ALBmgyz1sQmRrwvPqCY1a5p:mRHnKvW7CQyR4oHyxsRrwXHF7

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4323

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  00d8a59d88d38da9e84ed601706d63eb173c56d3bbc97b8ff637339eb1b5d4c8
- Size
  
  258KB
- MD5
  
  b9071138b64a56ccd4eb35067b31b9c6
- SHA1
  
  8be418ade42ab80a5a937e26369ee01409ef2c78
- SHA256
  
  00d8a59d88d38da9e84ed601706d63eb173c56d3bbc97b8ff637339eb1b5d4c8
- SHA512
  
  cb0813ffaf9f0a2e121754bb1698a509e353621e48fc385def83ff152a84a5efaaa6c316077877e96c49cb582660c9f1c4beef29e0c564dd363fa51cd4833602
- SSDEEP
  
  3072:mRH8hj47OqtyC3Iv+7MRd/QlH0lzgi4ALBmgyz1sQmRrwvPqCY1a5p:mRHnKvW7CQyR4oHyxsRrwXHF7
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware