redline | c7ebc985e82db990f9bc39e1065243a25fb8d9b693d4936e3c00a54e633e8423 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7ebc985e82db990f9bc39e1065243a25fb8d9b693d4936e3c00a54e633e8423
Size

1.8MB
Sample

231003-zv4r3ahd97
MD5

b1a63f0f3a4d94cf43d400af56a514f2
SHA1

263f57427ad69f8c51003725326bca532bb3cc94
SHA256

c7ebc985e82db990f9bc39e1065243a25fb8d9b693d4936e3c00a54e633e8423
SHA512

8fc926712470e6e0b26385b689f1dba105f3585487fff3d539950c4cf84706e99e1b66a2f24a4fb230f78614a2002033122a960ffd1e6f19e0b29b4598a52c95
SSDEEP

24576:o5wDJXe9Dz+HlhTA0nygszLbIJOKidPMmLpLuLaLcL/LhL3LxLxLsJS3k:oV9Dz+H/tnMgJodkUS0

Score

10^/10

redline infostealer spyware

Malware Config

Targets

- Target
  
  c7ebc985e82db990f9bc39e1065243a25fb8d9b693d4936e3c00a54e633e8423
- Size
  
  1.8MB
- MD5
  
  b1a63f0f3a4d94cf43d400af56a514f2
- SHA1
  
  263f57427ad69f8c51003725326bca532bb3cc94
- SHA256
  
  c7ebc985e82db990f9bc39e1065243a25fb8d9b693d4936e3c00a54e633e8423
- SHA512
  
  8fc926712470e6e0b26385b689f1dba105f3585487fff3d539950c4cf84706e99e1b66a2f24a4fb230f78614a2002033122a960ffd1e6f19e0b29b4598a52c95
- SSDEEP
  
  24576:o5wDJXe9Dz+HlhTA0nygszLbIJOKidPMmLpLuLaLcL/LhL3LxLxLsJS3k:oV9Dz+H/tnMgJodkUS0
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware