redline | d836c428fff004611172d1f2898e4624867c6d13528d4e41039c6fa40e403762 | Triage

Submit
Reports

Overview

overview

Static

static

1

PayPal/PayPal.pdf.lnk

windows10-1703-x64

PayPal/PayPal.pdf.lnk

windows7-x64

8

Sharing

General

Target

PayPal.zip
Size

3.2MB
Sample

230327-qbwgxaff2y
MD5

85dbf0389a37775c1d0127f8f133adfe
SHA1

2318f46efd9aa027181f7ae8c96c7253d8f7a17c
SHA256

d836c428fff004611172d1f2898e4624867c6d13528d4e41039c6fa40e403762
SHA512

6dbe8dd19f08a4017c16a480a17bbca95ff164499527b054e70f65599c8dd46e727991fadf39650dfec296ceb52d90453dab4bf992ce05798b166f589047bf4d
SSDEEP

49152:vA/55YS0fnMqWQq1VBAcbDgpeOqX33t08A4jRc3Oj6+sxyu2Ts656KNfUuSMPk:veL8qDAc4QOK33q8Ar+j6zyu2A656UPk

Score

10^/10

redline gst5 collection evasion infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

PayPal/PayPal.pdf.lnk

Resource

win10-20230220-en

redline gst5 collection evasion infostealer spyware

windows10-1703-x64

18 signatures

1800 seconds

Behavioral task

behavioral2

Sample

PayPal/PayPal.pdf.lnk

Resource

win7-20230220-en

windows7-x64

10 signatures

1800 seconds

Malware Config

Extracted

Family

redline

Botnet

GST5

C2

5.79.91.233:38435

Attributes

auth_value
1faf1998ff417661be7ea5f7b386eafb

Targets

- Target
  
  PayPal/PayPal.pdf.lnk
- Size
  
  1KB
- MD5
  
  107b9436dbcd42961940b6549d56bc30
- SHA1
  
  496b1651773af6e336850e27cbfea1ad43b14b40
- SHA256
  
  ebb82404cc0433ad70cef97ee13659e2af5094f83888d1e59f1469a13e742ff1
- SHA512
  
  e26da458afd812114741a1dada545949a2f12c071913c08fb403bb0ebf3e519f6e47bf9d6e84ef24162d51fabd433c40ee03834e8e7d0592a0ad72dee3079398
Score

10^/10

redline gst5 collection evasion infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegst5collectionevasioninfostealerspyware

behavioral2

© 2018-2025

Terms | Privacy