redline | 9dc11a1d99b60cab697a942d4c5755597ac60afb33ad4c31fadecb1fed89a28c | Triage

Sharing

General

Target

9dc11a1d99b60cab697a942d4c5755597ac60afb33ad4c31fadecb1fed89a28c
Size

285KB
Sample

230328-ml9kqsad97
MD5

407e3ed4d8b09f4497f90695f2027174
SHA1

e9cd927398e3cdfa97eda953ce79ebbe1cb8d8be
SHA256

9dc11a1d99b60cab697a942d4c5755597ac60afb33ad4c31fadecb1fed89a28c
SHA512

915f5f8bdc65a17913ce27f80e9bd2445443342061fb30ec2c187029b8c72e4d7d3f35f6feda1e2bc7aaa79e2de421fc4d0df4846ca5e3728f69a152886da528
SSDEEP

6144:pbUwOIEK84WQsykAeYXkAeYUaMImg8C0QuMZdEMtQQAA7t5jtyVVxmghnni:pbUwOIEK84WQsykAeYXkAeYUaMImg8Cv

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4324

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  9dc11a1d99b60cab697a942d4c5755597ac60afb33ad4c31fadecb1fed89a28c
- Size
  
  285KB
- MD5
  
  407e3ed4d8b09f4497f90695f2027174
- SHA1
  
  e9cd927398e3cdfa97eda953ce79ebbe1cb8d8be
- SHA256
  
  9dc11a1d99b60cab697a942d4c5755597ac60afb33ad4c31fadecb1fed89a28c
- SHA512
  
  915f5f8bdc65a17913ce27f80e9bd2445443342061fb30ec2c187029b8c72e4d7d3f35f6feda1e2bc7aaa79e2de421fc4d0df4846ca5e3728f69a152886da528
- SSDEEP
  
  6144:pbUwOIEK84WQsykAeYXkAeYUaMImg8C0QuMZdEMtQQAA7t5jtyVVxmghnni:pbUwOIEK84WQsykAeYXkAeYUaMImg8Cv
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware