redline | 9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6
Size

396KB
Sample

231011-yrh6hsbh59
MD5

a691920060d7dddea107c0965701568d
SHA1

37dd0d6824db67debd0084936a7761c279be1152
SHA256

9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6
SHA512

7081729e65bbd0d19dd51ced3c6ee33ef3ba620a55c56e6caa99b7c5650df642d81fe8d11852179317ff20f5980e6ddb2fb775f55e4e382c351f068ae25143c1
SSDEEP

6144:yLGrViSWAs3WHexAVklAOZ5i5oDgX+hh0DRcGCPv8zWy+ZEgNcJLiloPGCc:yLqiSWLTfg5o8Xa6KG7GCc

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

194.169.175.232:45451

Attributes

auth_value
277a7742ea9b1da2a636fb11c1abcacd

Targets

- Target
  
  9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6
- Size
  
  396KB
- MD5
  
  a691920060d7dddea107c0965701568d
- SHA1
  
  37dd0d6824db67debd0084936a7761c279be1152
- SHA256
  
  9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6
- SHA512
  
  7081729e65bbd0d19dd51ced3c6ee33ef3ba620a55c56e6caa99b7c5650df642d81fe8d11852179317ff20f5980e6ddb2fb775f55e4e382c351f068ae25143c1
- SSDEEP
  
  6144:yLGrViSWAs3WHexAVklAOZ5i5oDgX+hh0DRcGCPv8zWy+ZEgNcJLiloPGCc:yLqiSWLTfg5o8Xa6KG7GCc
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware