redline | 1379aee1bf57a5d4e826d7ef56254274f6cffa3fecaa08b2ff96dd9dfc6c7d51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1379aee1bf57a5d4e826d7ef56254274f6cffa3fecaa08b2ff96dd9dfc6c7d51
Size

1.6MB
Sample

230901-felf1acg45
MD5

887e2ba60e03c2b0d79a63a6548e1720
SHA1

04b44c1bdbac152d6379eec5a6de4e46fd6328b3
SHA256

1379aee1bf57a5d4e826d7ef56254274f6cffa3fecaa08b2ff96dd9dfc6c7d51
SHA512

7497f8ea8d4b411e50d81e9e974144cd9a82911ac08fafe0355c33f7833c29f39dc077e7ccfa52748289e479b333662d1ede0f85d101a5ec5a86384bf0db9fb4
SSDEEP

12288:/mjyIX1z2FXfIv2E8SqdIcR64GZFXPbhS7ia6r6QHrhoqStFICLP5u3trL/iPaoK:Wy7FXfC8SqdIc0RXPtbrhPSXl+vc7uW

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

91.103.252.3:48665

Attributes

auth_value
0c16e9e64d9b037e5f1ff9082d8f439f

Targets

- Target
  
  1379aee1bf57a5d4e826d7ef56254274f6cffa3fecaa08b2ff96dd9dfc6c7d51
- Size
  
  1.6MB
- MD5
  
  887e2ba60e03c2b0d79a63a6548e1720
- SHA1
  
  04b44c1bdbac152d6379eec5a6de4e46fd6328b3
- SHA256
  
  1379aee1bf57a5d4e826d7ef56254274f6cffa3fecaa08b2ff96dd9dfc6c7d51
- SHA512
  
  7497f8ea8d4b411e50d81e9e974144cd9a82911ac08fafe0355c33f7833c29f39dc077e7ccfa52748289e479b333662d1ede0f85d101a5ec5a86384bf0db9fb4
- SSDEEP
  
  12288:/mjyIX1z2FXfIv2E8SqdIcR64GZFXPbhS7ia6r6QHrhoqStFICLP5u3trL/iPaoK:Wy7FXfC8SqdIc0RXPtbrhPSXl+vc7uW
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware