redline | 7255667354b8d0aaebc286130fa25f8bf61c05149332e1b8b90c39a88a763c7b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

1.1MB
Sample

231106-rgpf8adc49
MD5

19cc49e7b8ea46e5aabaeda0bcf1d647
SHA1

3384b74558e16a22cb45d5170d425aa76ea87775
SHA256

7255667354b8d0aaebc286130fa25f8bf61c05149332e1b8b90c39a88a763c7b
SHA512

a7ac3ca20e12c6e06944193bc4eafaa1e1dde534ada105c3466a3b67ad837471cb4a95690a266d43e8cb0c55a903d0ca06590d4b73f10ccb033ac8a25eba61ba
SSDEEP

12288:S0b31Z6Fvu3atO9cqIOBBK10MD90EbRnghd4ng3atO9cqIOBBK10MD90EbRnghdD:S0WFkazDaENnghdEeazDaENnghdfL

Score

10^/10

redline infostealer spyware

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  1.1MB
- MD5
  
  19cc49e7b8ea46e5aabaeda0bcf1d647
- SHA1
  
  3384b74558e16a22cb45d5170d425aa76ea87775
- SHA256
  
  7255667354b8d0aaebc286130fa25f8bf61c05149332e1b8b90c39a88a763c7b
- SHA512
  
  a7ac3ca20e12c6e06944193bc4eafaa1e1dde534ada105c3466a3b67ad837471cb4a95690a266d43e8cb0c55a903d0ca06590d4b73f10ccb033ac8a25eba61ba
- SSDEEP
  
  12288:S0b31Z6Fvu3atO9cqIOBBK10MD90EbRnghd4ng3atO9cqIOBBK10MD90EbRnghdD:S0WFkazDaENnghdEeazDaENnghdfL
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerspyware