redline | b9cfc791ba165fb157da8f1d6b4fb950066cbb10ddad162587a1392056663549 | Triage

Sharing

General

Target

b9cfc791ba165fb157da8f1d6b4fb950066cbb10ddad162587a1392056663549
Size

295KB
Sample

230328-d666nsaf4z
MD5

439ba67ca364779b9747e8a8d2d8ccde
SHA1

0ab5659ff275c65e079eb9984a20299c3c6b4ef4
SHA256

b9cfc791ba165fb157da8f1d6b4fb950066cbb10ddad162587a1392056663549
SHA512

612b267f5ea437e8566c8f09cf2e386adced8f500286a3f84778293f950a336ab0c6e642f0daeb2ed05bfe6e88a19170534bd042d75870eed0cfa55215ea8e75
SSDEEP

3072:eVQVwzq5PW4VVA+yXtQ+ZV2BX74gtnsOVWS68Wy6SALnxGL6L5RR26l11UqQb9bt:Xve4ytQ8YX74knVVWS6FxnOT

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4324

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  b9cfc791ba165fb157da8f1d6b4fb950066cbb10ddad162587a1392056663549
- Size
  
  295KB
- MD5
  
  439ba67ca364779b9747e8a8d2d8ccde
- SHA1
  
  0ab5659ff275c65e079eb9984a20299c3c6b4ef4
- SHA256
  
  b9cfc791ba165fb157da8f1d6b4fb950066cbb10ddad162587a1392056663549
- SHA512
  
  612b267f5ea437e8566c8f09cf2e386adced8f500286a3f84778293f950a336ab0c6e642f0daeb2ed05bfe6e88a19170534bd042d75870eed0cfa55215ea8e75
- SSDEEP
  
  3072:eVQVwzq5PW4VVA+yXtQ+ZV2BX74gtnsOVWS68Wy6SALnxGL6L5RR26l11UqQb9bt:Xve4ytQ8YX74knVVWS6FxnOT
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware