redline | e30685351e19586be44e2524f2941e819ad07e94ba21f3442ea91ace3090aab5 | Triage

Sharing

General

Target

e30685351e19586be44e2524f2941e819ad07e94ba21f3442ea91ace3090aab5
Size

302KB
Sample

230523-19bv9shg68
MD5

78c06eb25e3a112f1194c2d06f6a218a
SHA1

f692bb3955742b01c73ab5afeb0d5d16856adeed
SHA256

e30685351e19586be44e2524f2941e819ad07e94ba21f3442ea91ace3090aab5
SHA512

97fbcc24ed00474e416edb4def3f6f7c2f397aaac624e52e26af10b8bc8d7740c337e6538a32e912cd4a45e5fe1da7a099f2f041fbd138f567cb80847ae223ca
SSDEEP

6144:1LqymFDZhIV4p4p4RrDM/J63lTYZWvtbLxv4EP:0DDIViiGDMBMZvZLSE

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.10.136:4328

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  e30685351e19586be44e2524f2941e819ad07e94ba21f3442ea91ace3090aab5
- Size
  
  302KB
- MD5
  
  78c06eb25e3a112f1194c2d06f6a218a
- SHA1
  
  f692bb3955742b01c73ab5afeb0d5d16856adeed
- SHA256
  
  e30685351e19586be44e2524f2941e819ad07e94ba21f3442ea91ace3090aab5
- SHA512
  
  97fbcc24ed00474e416edb4def3f6f7c2f397aaac624e52e26af10b8bc8d7740c337e6538a32e912cd4a45e5fe1da7a099f2f041fbd138f567cb80847ae223ca
- SSDEEP
  
  6144:1LqymFDZhIV4p4p4RrDM/J63lTYZWvtbLxv4EP:0DDIViiGDMBMZvZLSE
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware