redline | 264be234fa8d132fe64911214df6d852d2453001d244f0c8ecd47a646cfb16e2 | Triage

Sharing

General

Target

75c970760139d52e33032802ff980c81.exe
Size

348KB
Sample

230504-lycabsbd76
MD5

75c970760139d52e33032802ff980c81
SHA1

ed2514545bdd5ee938401481b80d8861c56491e9
SHA256

264be234fa8d132fe64911214df6d852d2453001d244f0c8ecd47a646cfb16e2
SHA512

64a567ae407a9cd465f0ca73d08ad2747b2093873de06ae0c56335765cbb7d1bcc2ef1b118a7a650982b2f6b8682aed8b921dacf6061b31d63aff0fdbc6a2137
SSDEEP

6144:58iigkguUMJ/8flCFdr1vYRtAfJAF/hX73hw4n96Jp+nfofuG:uvgtpfflCvZvYIfJS1TS4tQfr

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.241.192:4328

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  75c970760139d52e33032802ff980c81.exe
- Size
  
  348KB
- MD5
  
  75c970760139d52e33032802ff980c81
- SHA1
  
  ed2514545bdd5ee938401481b80d8861c56491e9
- SHA256
  
  264be234fa8d132fe64911214df6d852d2453001d244f0c8ecd47a646cfb16e2
- SHA512
  
  64a567ae407a9cd465f0ca73d08ad2747b2093873de06ae0c56335765cbb7d1bcc2ef1b118a7a650982b2f6b8682aed8b921dacf6061b31d63aff0fdbc6a2137
- SSDEEP
  
  6144:58iigkguUMJ/8flCFdr1vYRtAfJAF/hX73hw4n96Jp+nfofuG:uvgtpfflCvZvYIfJS1TS4tQfr
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware