redline | 67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb
Size

1.7MB
Sample

230801-3qsqsach5z
MD5

f8f7c8c4cc25ba49c5b591aab8bfdc04
SHA1

6ed43db5ba58257c1283abfa8a08290ccf896033
SHA256

67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb
SHA512

6e7fbd61fdf4cdcfed8f78a4d2272bb204bbd579cec94c4a45569bef9c5c62be22117545030a91291cae0cee6dea7454ab57fa16907d26d9a39cd7275bdbb9b5
SSDEEP

24576:XJKheI128AofpfewMUGeIFtOVkWvhr/qSJ:zIs8AofpfcfFavFz

Score

10^/10

redline infostealer spyware

Malware Config

Targets

- Target
  
  67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb
- Size
  
  1.7MB
- MD5
  
  f8f7c8c4cc25ba49c5b591aab8bfdc04
- SHA1
  
  6ed43db5ba58257c1283abfa8a08290ccf896033
- SHA256
  
  67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb
- SHA512
  
  6e7fbd61fdf4cdcfed8f78a4d2272bb204bbd579cec94c4a45569bef9c5c62be22117545030a91291cae0cee6dea7454ab57fa16907d26d9a39cd7275bdbb9b5
- SSDEEP
  
  24576:XJKheI128AofpfewMUGeIFtOVkWvhr/qSJ:zIs8AofpfcfFavFz
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware