redline | 8982eecbc6365b0320c57d0d186f0b0569a6cb619da669f5a87ad3ad7b09e698 | Triage

Sharing

General

Target

a13a1f2fe5ee62cfd08004277f557664.exe
Size

611KB
Sample

231122-pp2emscd38
MD5

a13a1f2fe5ee62cfd08004277f557664
SHA1

af8581903c06152c9650deba3abe92260fa891e2
SHA256

8982eecbc6365b0320c57d0d186f0b0569a6cb619da669f5a87ad3ad7b09e698
SHA512

acf62fed3e86b850152349a6cae3b0d68d493f6ad09e5594f1528c15e93392635caad1d237ba1ab4fc4a539340d21e16d49102489bc58c05e9a5b9d123e94357
SSDEEP

12288:yivy90H6buQKNrjeqrvbg7tvXyfl7W1FgQNPuZtPF:yky5buQcmuWvXgW16ePu/d

Score

10^/10

redline infostealer persistence spyware

Malware Config

Targets

- Target
  
  a13a1f2fe5ee62cfd08004277f557664.exe
- Size
  
  611KB
- MD5
  
  a13a1f2fe5ee62cfd08004277f557664
- SHA1
  
  af8581903c06152c9650deba3abe92260fa891e2
- SHA256
  
  8982eecbc6365b0320c57d0d186f0b0569a6cb619da669f5a87ad3ad7b09e698
- SHA512
  
  acf62fed3e86b850152349a6cae3b0d68d493f6ad09e5594f1528c15e93392635caad1d237ba1ab4fc4a539340d21e16d49102489bc58c05e9a5b9d123e94357
- SSDEEP
  
  12288:yivy90H6buQKNrjeqrvbg7tvXyfl7W1FgQNPuZtPF:yky5buQcmuWvXgW16ePu/d
Score

10^/10

redline infostealer persistence spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerpersistencespyware