redline | 18b857297048eb4a71df683ea14505d28411288eb144999f4b930e687ffb1af1 | Triage

Sharing

General

Target

18b857297048eb4a71df683ea14505d28411288eb144999f4b930e687ffb1af1
Size

327KB
Sample

230526-17y8sahg4x
MD5

ddc408a9c438919410396dedf661cb81
SHA1

db03c2c85632ddef24496fc75851ce1bfa2bbdff
SHA256

18b857297048eb4a71df683ea14505d28411288eb144999f4b930e687ffb1af1
SHA512

c8675259c707ba13ac5082a05e7f5e5457446be6b89dcb7cf51c6045f4ea3f87edbb1236227b3f9c523c1cbc9309fb0e0a5eaa413757ba5251227cc27eda101a
SSDEEP

6144:iV9SHeF4RbXigPTwH0iE4drB8p3LNLOIjvPBmZ5Gj8:ivieF4RbSjH0i3dr2p3LNLOI7PMh

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

135.181.10.136:4328

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  18b857297048eb4a71df683ea14505d28411288eb144999f4b930e687ffb1af1
- Size
  
  327KB
- MD5
  
  ddc408a9c438919410396dedf661cb81
- SHA1
  
  db03c2c85632ddef24496fc75851ce1bfa2bbdff
- SHA256
  
  18b857297048eb4a71df683ea14505d28411288eb144999f4b930e687ffb1af1
- SHA512
  
  c8675259c707ba13ac5082a05e7f5e5457446be6b89dcb7cf51c6045f4ea3f87edbb1236227b3f9c523c1cbc9309fb0e0a5eaa413757ba5251227cc27eda101a
- SSDEEP
  
  6144:iV9SHeF4RbXigPTwH0iE4drB8p3LNLOIjvPBmZ5Gj8:ivieF4RbSjH0i3dr2p3LNLOI7PMh
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware