redline | a17f901cc5beb227d3619c18a9997555852aca101409c5dc504cf25f4729262f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58dbc709c09abceac1becfe2ff10b430.exe
Size

365KB
Sample

230420-pffrkshg57
MD5

58dbc709c09abceac1becfe2ff10b430
SHA1

dd996d90820a8b75a865739933dd871c77508c32
SHA256

a17f901cc5beb227d3619c18a9997555852aca101409c5dc504cf25f4729262f
SHA512

dc05b239aa29b9bb70585ad4db33bd0863698c71159125fecb10a5d44b9d481780d0229d18f2d39e80f94626fb70d96435e4b850ce83c614d481846072d8236f
SSDEEP

6144:yYSOGk+3NmAO6crcgIfKrbSlHyLK6SlOkNx+uQl/d:VSOD+3NmhGKry6SlO5uQ

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

45.15.157.147:37535

Attributes

auth_value
69d4f1af428790964f316100b6634867

Targets

- Target
  
  58dbc709c09abceac1becfe2ff10b430.exe
- Size
  
  365KB
- MD5
  
  58dbc709c09abceac1becfe2ff10b430
- SHA1
  
  dd996d90820a8b75a865739933dd871c77508c32
- SHA256
  
  a17f901cc5beb227d3619c18a9997555852aca101409c5dc504cf25f4729262f
- SHA512
  
  dc05b239aa29b9bb70585ad4db33bd0863698c71159125fecb10a5d44b9d481780d0229d18f2d39e80f94626fb70d96435e4b850ce83c614d481846072d8236f
- SSDEEP
  
  6144:yYSOGk+3NmAO6crcgIfKrbSlHyLK6SlOkNx+uQl/d:VSOD+3NmhGKry6SlO5uQ
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware