redline | 54ee8f707bb6d8a12d33a1652d96d089b54b032329364f22faa6436066dcebb0 | Triage

Sharing

General

Target

file.exe
Size

1.1MB
Sample

230327-s62zaaeb46
MD5

32249c38e8eaa4157ceecddc64e6378f
SHA1

2b408451d3e31d4d5f1381bf414ee0b6edde59ba
SHA256

54ee8f707bb6d8a12d33a1652d96d089b54b032329364f22faa6436066dcebb0
SHA512

3801c013ec81ef46b5cd09d12eb99c0bdb4440cac557fe3343632de0279ec55cd6e94543e2513cfde31e23b55661b52247d6d7a4171172d803ee1f08c3865e14
SSDEEP

6144:U+/ljQhToWxUIvq7w1MLBkZEAO3jLTeGdyHhVhx/pIW4:Uij0ToWx/vREZLTBCIW4

Score

10^/10

redline karas infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

karas

C2

45.15.156.21:26932

Attributes

auth_value
35ad3cc0be03aa0ffb1329784c9907fa

Targets

- Target
  
  file.exe
- Size
  
  1.1MB
- MD5
  
  32249c38e8eaa4157ceecddc64e6378f
- SHA1
  
  2b408451d3e31d4d5f1381bf414ee0b6edde59ba
- SHA256
  
  54ee8f707bb6d8a12d33a1652d96d089b54b032329364f22faa6436066dcebb0
- SHA512
  
  3801c013ec81ef46b5cd09d12eb99c0bdb4440cac557fe3343632de0279ec55cd6e94543e2513cfde31e23b55661b52247d6d7a4171172d803ee1f08c3865e14
- SSDEEP
  
  6144:U+/ljQhToWxUIvq7w1MLBkZEAO3jLTeGdyHhVhx/pIW4:Uij0ToWx/vREZLTBCIW4
Score

10^/10

redline karas infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekarasinfostealerspyware

behavioral2

redlinekarasinfostealerspyware