redline | 02bed981dce70b947d72c304a3f2e1cbdee963c315779d5717769f88c8166447 | Triage

Sharing

General

Target

Setup 2.1.zip
Size

22.5MB
Sample

230807-n191gsfb29
MD5

3c1e09e71528975ccb05386130771fd4
SHA1

76eb16c5344306bbccd4d802c3c3dce1b7d6c2e2
SHA256

02bed981dce70b947d72c304a3f2e1cbdee963c315779d5717769f88c8166447
SHA512

832ca2979b8364666f84f41ad7f06c863016ac2172c9f97d461162aef87478b58a13cd4d571521ab2a7265a54499043738c6366583b3f1647d78f94563259eff
SSDEEP

393216:Wh71HxcV7gxN7U9z/w/p9XMWrl05YdycEB7Qrdx2V9+fYNpEnMxI8MGAf6yfL+4i:GJCyxNQ9s/paw0idgAdxQwfYPEGZMG8q

Score

10^/10

redline infostealer spyware stealer

Malware Config

Targets

- Target
  
  Setup 2.1.exe
- Size
  
  943KB
- MD5
  
  50d75122c586127e27b5507e760c4c0b
- SHA1
  
  9bdf707bf876d344c92b96e78417bd72da8c27f7
- SHA256
  
  9b7751bd8aec8d094acc4fc832b843bd452711004418002e02fb5d57373dd686
- SHA512
  
  1341f97ada0e9c3280c1057d68c059624a9ca8e0dcbaa44e0c4b87f4acca99f93a97407584c1068ef5c73e5ee68a784cbfb2aa39e907dab04c508a5e9f4b8f0a
- SSDEEP
  
  6144:aXCADuBaYCeqtuorJG6QRqMyog3RU1A2yyERrqXsk:aXCADuBaKqk9XORU1A9dqXB
Score

10^/10

redline infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2
- Target
  
  data.bin
- Size
  
  19.0MB
- MD5
  
  ef0dda43daf11d6118a5310bee73f1cd
- SHA1
  
  f5455766f0b643a65e89cbd54ea8c090b9abe523
- SHA256
  
  d59cdc52efc57fcc6e0008290de2fc2b7ddb1c5c624ed747c87944723803df15
- SHA512
  
  b41f6354ca4998f801ddb9d9c46aad31ab18997d3c2271371bd7e5297be3490dfd1643dbacfea7ace523bbd60da296f30fea3a7dc629c7a0799353cca8a83fc8
- SSDEEP
  
  393216:sHqOpYyDx04MQFKWI3eeo0T2WedOOJUiZLJh+SuTnZv35Tv:sHqKDNJi3eWadjUiZLJASuTrv
Score

3^/10
behavioral3 behavioral4
- Target
  
  libEGL.dll
- Size
  
  935KB
- MD5
  
  69b57cc7076f64e550cba1d21372dad2
- SHA1
  
  a3c69cf1801de74757a46bab7c7c75815f449828
- SHA256
  
  432e802e5bbc1afc66732fb9511aa1d431294e6c4999d7e4dfb4e65f2773f6ee
- SHA512
  
  6142982ed72b8c55d562f823b843739d427d799c85f91d7a4777020751719d18fbc9d0e3befd3f9ae7df1a0c1a361ef320e5df4bd862469061688c9894593221
- SSDEEP
  
  12288:OXdUddsHK2HmT3v/6tDpu6KsulmJOZ6yQUE54k5RxOTVR/Facyg7jQG17UkAT/DC:Znr3vGY8JMI550JFxthUhtkPK+fn
Score

1^/10
behavioral5 behavioral6
- Target
  
  libeay32.dll
- Size
  
  2.1MB
- MD5
  
  9c8b228d392411aeec50905c2d80cf5d
- SHA1
  
  54a8d6ec44a8e11a3e232ad63b006b5c1394d6b2
- SHA256
  
  2c125702a00050b7175befb29e58749c8b63e33d51e6093ac04175c303084a83
- SHA512
  
  b993b094174f5564ae4e0f3c333c61ad2d57857761c60273c0d0681845e457ffa7df8bcb61f0c8dcccd12ba702457c610f742879abd339780bc5de805ddc1f69
- SSDEEP
  
  49152:RGqv0LS1e33J+UMFMVDfC/QZG9WUQmCRD75AArD/0lTrWrTZ3BGTy:RGy0LS1oJ+UMFMVDfC/QZG9WUQxRD75l
Score

1^/10
behavioral7 behavioral8
- Target
  
  libgcc_s_dw2-1.dll
- Size
  
  117KB
- MD5
  
  043b39434829ce93637b1801d57b2082
- SHA1
  
  297b5f72104130e17d92789adbbcfab8fe700a82
- SHA256
  
  4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394
- SHA512
  
  eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf
- SSDEEP
  
  1536:8dtiUW76b2IPdo20ERT/TAnckgPfwxsNSGcHy//Rs0l6eeyB0nN0x/W08mZ9DxRw:8G66yo2zT/TGgXsavs0MdmxRw
Score

3^/10
behavioral10 behavioral9
- Target
  
  libwinpthread-1.dll
- Size
  
  77KB
- MD5
  
  1f4411c1f66c9cdf96ca9d7f9caf52d9
- SHA1
  
  ea04be653df7335483c7c8f46367d75d4ad9224e
- SHA256
  
  b5fe4d6408ef2baabdd168f4c7250900606468e9aeb24c71e0c833d3d715ae65
- SHA512
  
  8b95d0533773c5424733862cf60ed0f0d2ed5c7016b602a71dc4ce4a90ef0946de605f46c94fb0f6c3135447f60a00d3476e8b91a61e079885aa764bc1407b8a
- SSDEEP
  
  1536:NCogndcxz8C7iYx3AUwTG36Djm2uYUjslAsvONDuJluLjIGxim3Yx:Nydcaix3v363K+GNDDLjIEim3Yx
Score

1^/10
behavioral11 behavioral12
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10
behavioral13 behavioral14
- Target
  
  msvcp140.dll
- Size
  
  436KB
- MD5
  
  3e992e3412b8067cd215b52e6f906b1a
- SHA1
  
  4aaff9d969d558d355954131b88b1c250aed5d15
- SHA256
  
  c3838cb309a101ca41064358ac65010610064f12aa3d341ea15c4b95e8d525c6
- SHA512
  
  b2c92e710c65cfa2ca4a1fd7da9bfee521e450a63ac9070a8524c2f3abfb9ebf06b6567d650c7c69e2ec2066057b61ee4f1bf39ef6ff66e483c1b445883834f9
- SSDEEP
  
  12288:eGPa9C9VbL+3Omy5CvyOvzeOKQqhUgiW6QR7t5s03Ooc8dHkC2esGbWg:eGPa90Vbky5CvyUeOKW03Ooc8dHkC2eP
Score

3^/10
behavioral15 behavioral16
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral17 behavioral18
- Target
  
  opengl32sw.dll
- Size
  
  874KB
- MD5
  
  3db95d9910834474528c245fbbaa0e0e
- SHA1
  
  5fb0eac4e0296d5221c408decf2842aa1b335746
- SHA256
  
  6028ad980a9329c270e0bd0ecd8d65129650c72005b038ee96cfdf2fad8c53af
- SHA512
  
  3122f699afa28cf49d99e3c241f145b88f98942cc9a2ebcd6412b6907b5e723f4914f91d3c045abc6b48ab83244179611b73e60b49e7c73a87a2b8f4933cb1ff
- SSDEEP
  
  24576:a6r4lQp6oaYa8o0oKAdx22XkoZe/qbCW0E8GNwn/Xwi:aBWYoaYxRoRdx22Xk1IrkGNwn/Ai
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspywarestealer

behavioral2

redlineinfostealerspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20