redline | 8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4 | Triage

Sharing

General

Target

8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4
Size

1.1MB
Sample

230420-zh9sjscc53
MD5

9bcbd5207435abcd90cafb3ac175d885
SHA1

6ff71e9a9ac82f29e6af9e9185561507efd79bdf
SHA256

8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4
SHA512

414f9dd3b6af4bdc9ac1d1e8d90202a576b8e7ef8f036d5fd10858545075cd169def8624650444f1021ec453a7197bcad5a6c80a7ef6e8c27df50b01f0629249
SSDEEP

6144:AY2g5X55t2B+DWSJI/AOou2Tss7OifSWqCi+tJnjnMNvKjBWy2uFlDXK72:AY2g5XXFsuswqgrMBIW72

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.241.192:4327

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4
- Size
  
  1.1MB
- MD5
  
  9bcbd5207435abcd90cafb3ac175d885
- SHA1
  
  6ff71e9a9ac82f29e6af9e9185561507efd79bdf
- SHA256
  
  8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4
- SHA512
  
  414f9dd3b6af4bdc9ac1d1e8d90202a576b8e7ef8f036d5fd10858545075cd169def8624650444f1021ec453a7197bcad5a6c80a7ef6e8c27df50b01f0629249
- SSDEEP
  
  6144:AY2g5X55t2B+DWSJI/AOou2Tss7OifSWqCi+tJnjnMNvKjBWy2uFlDXK72:AY2g5XXFsuswqgrMBIW72
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware