redline | 2ed78a7170336d23af7b56c93a0c38c7c041e135ee38f52375a61a3245eb02ce | Triage

Sharing

General

Target

2ed78a7170336d23af7b56c93a0c38c7c041e135ee38f52375a61a3245eb02ce
Size

295KB
Sample

230328-d6yvasaf4y
MD5

9744d48a89a883ff6ca3a33dc419001b
SHA1

e0d406538b3fa79ac96f07ceb0ff8bd99fdc7438
SHA256

2ed78a7170336d23af7b56c93a0c38c7c041e135ee38f52375a61a3245eb02ce
SHA512

d405499ca967acb632846a8a7d4e19251b26abfc4b8f037ec40f48274d2651b72399644a394ebbecbb2b242f728fc5116b4e7b3ed28c22730c091f3a12d02740
SSDEEP

3072:U1L/wDkkPHR8Vhuy+tQ+ZV2BX7PhHVD0SH2VWS6cYDT6QALnxGL6L5RR26l11Uq+:o8vRvtQ8YX7Ph1D0SWVWS6cYCLnmj

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4324

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  2ed78a7170336d23af7b56c93a0c38c7c041e135ee38f52375a61a3245eb02ce
- Size
  
  295KB
- MD5
  
  9744d48a89a883ff6ca3a33dc419001b
- SHA1
  
  e0d406538b3fa79ac96f07ceb0ff8bd99fdc7438
- SHA256
  
  2ed78a7170336d23af7b56c93a0c38c7c041e135ee38f52375a61a3245eb02ce
- SHA512
  
  d405499ca967acb632846a8a7d4e19251b26abfc4b8f037ec40f48274d2651b72399644a394ebbecbb2b242f728fc5116b4e7b3ed28c22730c091f3a12d02740
- SSDEEP
  
  3072:U1L/wDkkPHR8Vhuy+tQ+ZV2BX7PhHVD0SH2VWS6cYDT6QALnxGL6L5RR26l11Uq+:o8vRvtQ8YX7Ph1D0SWVWS6cYCLnmj
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware