redline | 0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7 | Triage

Sharing

General

Target

0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7
Size

412KB
Sample

231011-2etchage7t
MD5

44ac7f2fc213654a84bd9406e0ba9e2e
SHA1

4ccea375b1b19eb1bacf4482835b499e9cfc24d2
SHA256

0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7
SHA512

11bd5e56c4add6f4eb1100066588de2d0d6fc26852d508ec22553e4fc9ca2f7d48cb9875a9b6434ee1f70a5137a2f3099b102df3959eb267c041b21311d79cfc
SSDEEP

6144:r96hvxIcPJL8+5oprOCu5yzuAOGhr1Ld2Il85CU8MRE9Hwxqwq:r9EpIcPy+a6uu0h1Ld2IiCCawowq

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

194.169.175.232:45451

Attributes

auth_value
277a7742ea9b1da2a636fb11c1abcacd

Targets

- Target
  
  0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7
- Size
  
  412KB
- MD5
  
  44ac7f2fc213654a84bd9406e0ba9e2e
- SHA1
  
  4ccea375b1b19eb1bacf4482835b499e9cfc24d2
- SHA256
  
  0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7
- SHA512
  
  11bd5e56c4add6f4eb1100066588de2d0d6fc26852d508ec22553e4fc9ca2f7d48cb9875a9b6434ee1f70a5137a2f3099b102df3959eb267c041b21311d79cfc
- SSDEEP
  
  6144:r96hvxIcPJL8+5oprOCu5yzuAOGhr1Ld2Il85CU8MRE9Hwxqwq:r9EpIcPy+a6uu0h1Ld2IiCCawowq
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware