redline | 3d3ebfe876d1c97270940d98d99c49b59cf0fca77b81dffde94af4ecf3d286b2 | Triage

Sharing

General

Target

ab8eb8019befbe7fff1a723818a379e3.bin
Size

154KB
Sample

230328-cmyvhsge26
MD5

bdd9c45f6b139296d8d207918a46e97e
SHA1

5e6480664a645bb1c954fd340d679f9c3ef0e254
SHA256

3d3ebfe876d1c97270940d98d99c49b59cf0fca77b81dffde94af4ecf3d286b2
SHA512

48b448090b1924d089638411013098f771621eef41ffb041b9540a00fa22a47fc949404d544264fcb06aa07fd6946adcea8f0bf7bd5c6f20eb627099836f99fb
SSDEEP

3072:oDRl86+f5LbTpIYc5dCicdZNo7LaN8T6qiat4jrKEp64R+pkT5Hrzby:YDr+lq/jCFvo7A8Tx9tDc6d2dPy

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

94.142.138.207:41751

Attributes

auth_value
b34e180fee9738bade6c400ac45eed85

Targets

- Target
  
  20fb6ad957974a5e836e3cd93bb8426f43049dcd223077fbd969bd1bc33434d4.exe
- Size
  
  292KB
- MD5
  
  ab8eb8019befbe7fff1a723818a379e3
- SHA1
  
  c7ea69ff4490f2c7aa745f0e9b2444b57dbed863
- SHA256
  
  20fb6ad957974a5e836e3cd93bb8426f43049dcd223077fbd969bd1bc33434d4
- SHA512
  
  7efe68e3a0ef0b5b11d48bd3540bb11cdc272f99e7b1110c8bb8b2b1c5b5fabd0f5625329628db57ba27aa1fdfa13a85982b41a46d029f42f90e745138055889
- SSDEEP
  
  6144:gYCN1NUy4+qHvLwADFcF3NYy/AjCGQ/K:zCN1NUy8H9I36yojzQ
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware