redline | 51b4ab44329a6efe2d4a23d5c4664da236fe08b12728d181c909feddf19eb2dc | Triage

Sharing

General

Target

BlenderSetup-3.5.0-win-x64.zip
Size

89.8MB
Sample

230523-s6f2taga22
MD5

5b1603b260a23453afc933bc54925c08
SHA1

fe68d730779f5b54c052b207e4a6d35f244b5fa1
SHA256

51b4ab44329a6efe2d4a23d5c4664da236fe08b12728d181c909feddf19eb2dc
SHA512

18d2044195e04eff3a5ebc4ce249633031d1b811d06d75cfa19eadcb4828f9753692ec00b1de015eac7208d3320b0b8d30e0a815b712a8e6db019a1a3128138e
SSDEEP

1572864:J3tbY+firscYCuCr+u5KBYpmWkjbhTKCFL6xBE9L1FKf6nP2sojzLYbE8LGC1:fk+firsCuo75KXWsl1l6E1DY6nP2NDcJ

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

C2

5.42.64.63:19123

Attributes

auth_value
2e251a8604620b6ba76520586114b84e

Targets

- Target
  
  BlenderSetup-3.5.0-win-x64.exe
- Size
  
  637.6MB
- MD5
  
  443cc79e21eea02b0731b09aa0c58987
- SHA1
  
  976078d978f3dc0e5b8476923531aecf3485c078
- SHA256
  
  9f00eac23eaa3f569d4320235c814c1abc3a80997acbb537bed2fdb5ffba08e8
- SHA512
  
  2d6aa8e8cc46e1fe51c89eb919f5973459e4a0f1b1cf3cdbf5701e2057fd5d8533325e65efde8f2b263df2f7cf414b27680b5c13aa68919ff2e889ba4d3ec714
- SSDEEP
  
  1572864:Hcljj7Hs6Hjo0pQI/ALJXuHo9YDvA2zA10srNqr+en3R5yUJsU:H8jjbs6Hj9X/ALJoo9oA21mNi33TL
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealer