redline | a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5 | Triage

Sharing

General

Target

a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5
Size

4.6MB
Sample

231215-rlv5kadahr
MD5

cf8a20b11ce9cf757bfaf49bd93ac524
SHA1

e349ecb0e296bb830f1b6495b003062c299c4016
SHA256

a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5
SHA512

a46ecf6435515de574074790696a19abdaea81b85d5d7dc6d3d0138cf75d4916acd500639889770dfc9a8de3f499cd39d86958bf46e47ded0a9227029fe7f73a
SSDEEP

49152:0+0uIwxes1V4MvtSMKJD50BIaVhzh2jmlGGODZ6LSjG9oSyTXYUkqOedG9ilud7x:08CMOJmBIqV2CENVlSyMqZ4iQd7x

Score

10^/10

redline vic infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

vic

C2

91.92.241.115:12393

Targets

- Target
  
  a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5
- Size
  
  4.6MB
- MD5
  
  cf8a20b11ce9cf757bfaf49bd93ac524
- SHA1
  
  e349ecb0e296bb830f1b6495b003062c299c4016
- SHA256
  
  a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5
- SHA512
  
  a46ecf6435515de574074790696a19abdaea81b85d5d7dc6d3d0138cf75d4916acd500639889770dfc9a8de3f499cd39d86958bf46e47ded0a9227029fe7f73a
- SSDEEP
  
  49152:0+0uIwxes1V4MvtSMKJD50BIaVhzh2jmlGGODZ6LSjG9oSyTXYUkqOedG9ilud7x:08CMOJmBIqV2CENVlSyMqZ4iQd7x
Score

10^/10

redline vic infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinevicinfostealerspyware