redline | 4bed6caa012263d6127c6f33e9bc8fe327198f63452d0fac956b361bb6d578c5 | Triage

Sharing

General

Target

4bed6caa012263d6127c6f33e9bc8fe327198f63452d0fac956b361bb6d578c5
Size

285KB
Sample

230328-mm35caad99
MD5

8f6d73ff83b4d87e2a35419996d2303f
SHA1

2a97c857a9ec00d386a1151d55d263afb3915d26
SHA256

4bed6caa012263d6127c6f33e9bc8fe327198f63452d0fac956b361bb6d578c5
SHA512

0a2896abd039ec7ad5abc73cb693e480dc96ee9caa6db9f6faf5e4486a854fd915c94ad09670014b94ebd0d66820fcbf39aff44d70156d5b8a56cb4f977f0581
SSDEEP

6144:pfUwOIEK84WQsykAeYIkAeYUaMImg8C0QuaZ1AntQQAA7B2RV+13R:pfUwOIEK84WQsykAeYIkAeYUaMImg8Co

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4324

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  4bed6caa012263d6127c6f33e9bc8fe327198f63452d0fac956b361bb6d578c5
- Size
  
  285KB
- MD5
  
  8f6d73ff83b4d87e2a35419996d2303f
- SHA1
  
  2a97c857a9ec00d386a1151d55d263afb3915d26
- SHA256
  
  4bed6caa012263d6127c6f33e9bc8fe327198f63452d0fac956b361bb6d578c5
- SHA512
  
  0a2896abd039ec7ad5abc73cb693e480dc96ee9caa6db9f6faf5e4486a854fd915c94ad09670014b94ebd0d66820fcbf39aff44d70156d5b8a56cb4f977f0581
- SSDEEP
  
  6144:pfUwOIEK84WQsykAeYIkAeYUaMImg8C0QuaZ1AntQQAA7B2RV+13R:pfUwOIEK84WQsykAeYIkAeYUaMImg8Co
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware