redline | de6e4238054c3bf7585df09f2b831c7529468d32b8265463312d809803c95367 | Triage

Sharing

General

Target

d2b0e4ab049ea6be6266d7798e44e099.exe
Size

1.1MB
Sample

230413-ntewrsba84
MD5

d2b0e4ab049ea6be6266d7798e44e099
SHA1

0ed36e6ffdbecc554835d9fcc31c905416603cb3
SHA256

de6e4238054c3bf7585df09f2b831c7529468d32b8265463312d809803c95367
SHA512

7f41477ab6cc8df4709f11698ae5394a67159679e1e9fd288fe8c37360ead2a21232289fb13aa2f4785dfae2d77e2033e58dc6a2d0c80dbc9f0d08113e191e9a
SSDEEP

3072:V2e9YMRkSkNGnbqhKJmRTopgIOQdgnCQG9h1j+ujk4plCzDB1TSgedhy/TBGRVpd:CASNGbENqqujk46zDB1T9ee1abF7J

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.241.192:4326

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  d2b0e4ab049ea6be6266d7798e44e099.exe
- Size
  
  1.1MB
- MD5
  
  d2b0e4ab049ea6be6266d7798e44e099
- SHA1
  
  0ed36e6ffdbecc554835d9fcc31c905416603cb3
- SHA256
  
  de6e4238054c3bf7585df09f2b831c7529468d32b8265463312d809803c95367
- SHA512
  
  7f41477ab6cc8df4709f11698ae5394a67159679e1e9fd288fe8c37360ead2a21232289fb13aa2f4785dfae2d77e2033e58dc6a2d0c80dbc9f0d08113e191e9a
- SSDEEP
  
  3072:V2e9YMRkSkNGnbqhKJmRTopgIOQdgnCQG9h1j+ujk4plCzDB1TSgedhy/TBGRVpd:CASNGbENqqujk46zDB1T9ee1abF7J
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware