redline

Sharing

Copy URL

Twitter E-mail

General

Target

Inject.rar
Size

4.2MB
Sample

240525-v5qwqsca4x
MD5

5c6b145a15f3c0b94a5f72cd469133eb
SHA1

975953651a808e118d7fe9efb9a5f0412598101a
SHA256

b56f3ef36c1a05d0bc5b28b9bc7e38a5f8d8ff49c05fab2c686976fd195f73fa
SHA512

857f0842a0279ae23a380652a2cd903cebc1cf33df9029ba0f4529b53a109857a8f5841133dabfb437ee7a882bb27176077bf915377bce0e796a981beb4ac1a1
SSDEEP

98304:/yU39OUPWLYUD2Id4QY3Zu3at66tcO8V/PT6KfdQ1N9bnSe:aU3YIId1WZptl8FP+KfCVbnSe

Score

10^/10

redline infostealer

Malware Config

Targets

- Target
  
  Inject.rar
- Size
  
  4.2MB
- MD5
  
  5c6b145a15f3c0b94a5f72cd469133eb
- SHA1
  
  975953651a808e118d7fe9efb9a5f0412598101a
- SHA256
  
  b56f3ef36c1a05d0bc5b28b9bc7e38a5f8d8ff49c05fab2c686976fd195f73fa
- SHA512
  
  857f0842a0279ae23a380652a2cd903cebc1cf33df9029ba0f4529b53a109857a8f5841133dabfb437ee7a882bb27176077bf915377bce0e796a981beb4ac1a1
- SSDEEP
  
  98304:/yU39OUPWLYUD2Id4QY3Zu3at66tcO8V/PT6KfdQ1N9bnSe:aU3YIId1WZptl8FP+KfCVbnSe
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Inject/Inject.exe
- Size
  
  10.0MB
- MD5
  
  5c02826d4b0ee2ba6f50a9fef4f31281
- SHA1
  
  57adb9017811b37fe756093c9b7c61181ef2fe8b
- SHA256
  
  8ecd9f59a8ddd6a3d3e520fafb41ff63cbe36f881dd250b50b7f9212a6bbac57
- SHA512
  
  823b8fe1626bc1bb76c6a78711a9135ca7ca4ca353646d23d27d0b409d10712f0d348de7b7cd3bb49f77b240d5e3f1c7d2379c6fd4688cc7e00e242228ae8183
- SSDEEP
  
  3072:dTbNi8i4NfbYSgmdy6rWN1cHa7UCBR/QmGTyxKcvy55b0hOY0AROlRO6M98M2Uz:bv+8SWCkusb0hOY0AROlRO6MzHOwpFK
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
behavioral3 behavioral4
- Target
  
  Inject/_internal/VCRUNTIME140.dll
- Size
  
  94KB
- MD5
  
  a87575e7cf8967e481241f13940ee4f7
- SHA1
  
  879098b8a353a39e16c79e6479195d43ce98629e
- SHA256
  
  ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
- SHA512
  
  e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
- SSDEEP
  
  1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
Score

1^/10
behavioral5 behavioral6
- Target
  
  Inject/_internal/_bz2.pyd
- Size
  
  84KB
- MD5
  
  4fdf3bc5548f98264ccedca2e400e8ef
- SHA1
  
  9254a0a3f16a0dabc11504bbd8bd3b425702a0b6
- SHA256
  
  cb2b8853ccf149b0b175769cb8ed6e2f9c2cbec0af3d8835c43570fd91da1b4f
- SHA512
  
  3bc15f142da4708c9e564fded1207f9502c5efb93c63e9db34caa931ee3d628c3eef66dc2adb42d796f7a2e1908bbe26d917aecd151fbc241d9efc67c8a7f63d
- SSDEEP
  
  1536:U7Sz7efjsrb7QMpfQKeGPHMD6p4fu718oVABfx1iE3nBZIuMVzbyjS:UeztXcUfAG/MD6pUu76oVax1iE3BZIuu
Score

1^/10
behavioral7 behavioral8
- Target
  
  Inject/_internal/_ctypes.pyd
- Size
  
  123KB
- MD5
  
  a1b81ce092c5a2c9afd13b5cae872441
- SHA1
  
  05b695dbb5e62adb368d8bd142f667b2e7e9d437
- SHA256
  
  eb5ebeb25888ff124abd0db3e08577b84538e62610107fe4e008d7c188a78210
- SHA512
  
  5158e462b0aeebf711e42363cf9ca1ac546958154257cc3063ba4575da28c2a7c95b1527a54adfa00d9b3c6f8832aedd97e6c79f5cd70a47146afb0f1afa288a
- SSDEEP
  
  3072:ns51kM2JpMk49dWZKrcsaIopofrZVUAWwVIuBP4F:snkMoOwCc6frZBWwE
Score

1^/10
behavioral10 behavioral9
- Target
  
  Inject/_internal/_decimal.pyd
- Size
  
  265KB
- MD5
  
  2dabdd7b03ee2d8328fad17bc9cf9970
- SHA1
  
  b609d222807eeff2dc4ea3a6ab4c36a9bf2067a4
- SHA256
  
  5f8e850820050cabe5aa36838ba9abd62a4f5d5d2aa1b337cbb795077e1d48bf
- SHA512
  
  4d89f284acd6118fd0a5081cb52dfa8f4453a7980e04b91e4592f8f05fe620729db2bd9178b7df61c1b0b0990096780a81f49414a551b3d9bef6397f3342c60a
- SSDEEP
  
  6144:thn7Ki4/DOyyraBcGaWdK9iaweDmLsdmg9qWMa3pLW1A1AomNaZ:OiSOPraBxVKdyLsgiN6aZ
Score

1^/10
behavioral11 behavioral12
- Target
  
  Inject/_internal/_hashlib.pyd
- Size
  
  64KB
- MD5
  
  cc06750ac9811e6b0ebe1482c032b0cf
- SHA1
  
  db0e43e4c0082d44b9385d6d94a68ecc72fd99e7
- SHA256
  
  9a1ffa72a808fdfe88dd8f9e7083b285edf246df07c35ac032dc45d905f58fce
- SHA512
  
  ededec073f5651cdf2f0ed6a74278b0df630871f2ccad7d831a908a7e3efa4e5bed96d38647706add29963a515c9a13051f1457ae934d5ff75129e41bb4cd8dd
- SSDEEP
  
  768:QDyWRAgSG1MbRSoc0NK5ERnzJXkNeQWC3YcOKPte7F8dCmjDzoxIuYIh6DG4yjXE:SnuSqe4h3QV3jOqm8dCuzoxIuYIcyjU
Score

1^/10
behavioral13 behavioral14
- Target
  
  Inject/_internal/_lzma.pyd
- Size
  
  159KB
- MD5
  
  ce4a35fc25d50497e8be0e75ff8d61b3
- SHA1
  
  19325e4bfe74289f062b657df082e47ac7bc14eb
- SHA256
  
  e352c77f7810ea83617ed096626ac9c3d628726def47551f90741d201c1f3b3d
- SHA512
  
  380b2be74d440b44c0abad4cfe3cddffbb36ca53d844dfe262b869cff0309f0758a86d220eb8c19eea4f18e823906c90ca2c8566e8e59e5c3e25ddc9d149cdb9
- SSDEEP
  
  3072:YaV4kBVeMMbwjQneCHPDLORDEUznfo9mNoRrL4rEZIuD1N2:YaV4kBVHMKQZrUDEKwYORwrEW
Score

1^/10
behavioral15 behavioral16
- Target
  
  Inject/_internal/_socket.pyd
- Size
  
  78KB
- MD5
  
  439b4d756cde64fba441e640df56dd60
- SHA1
  
  881dbf2366915399b3bb8be6083f94f46eebaaf7
- SHA256
  
  acb377fd6967b2ce819601c7d6a102d30af570eaee9e312e383f34aecd5df142
- SHA512
  
  ef4b78e9f6cc740696836062dffa956ee5b9d1f0be8d809497ea778fea80761fc5b3baa938756344edc18dbaeeae6fe660f2ee8fcc25e0d7985e55f4461e3c33
- SSDEEP
  
  1536:ABCJoimjxvExWxAd9/s+++prjDmrpZMP4kVIuBw/yyO:Tai6lfAd9/sT+pDmrbWVIuBwY
Score

1^/10
behavioral17 behavioral18
- Target
  
  Inject/_internal/base_library.zip
- Size
  
  828KB
- MD5
  
  628e68070b1d1a9f573a4cc72a5166a5
- SHA1
  
  be9ee48576d83af9d7d1ec3f49a4f3a63ef7dce7
- SHA256
  
  a12bc351b8cb11d01c9426ed4221fb4bc4440ee99f228b9db4bfabdf05384a1a
- SHA512
  
  6121e62bfe046535468da27fd3aaa805ea40e5b821de540e19194f12dbdda68307eef755bc3b15fd57ed30fc09c80a00951fd334215bb780f0125ac36cf78bfa
- SSDEEP
  
  24576:uK73bOPwcosQNRs54PK4ItBVwHEfVEZInSC/:uK73bOIcosQNRs54PK4Is6
Score

1^/10
behavioral19 behavioral20
- Target
  
  Inject/_internal/libcrypto-1_1.dll
- Size
  
  3.3MB
- MD5
  
  63c4f445b6998e63a1414f5765c18217
- SHA1
  
  8c1ac1b4290b122e62f706f7434517077974f40e
- SHA256
  
  664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2
- SHA512
  
  aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd
- SSDEEP
  
  49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
Score

1^/10
behavioral21 behavioral22
- Target
  
  Inject/_internal/libffi-7.dll
- Size
  
  32KB
- MD5
  
  eef7981412be8ea459064d3090f4b3aa
- SHA1
  
  c60da4830ce27afc234b3c3014c583f7f0a5a925
- SHA256
  
  f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
- SHA512
  
  dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
- SSDEEP
  
  384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
Score

1^/10
behavioral23 behavioral24
- Target
  
  Inject/_internal/python39.dll
- Size
  
  4.3MB
- MD5
  
  789b4ecbce732a7e8479e8909f097d16
- SHA1
  
  a79c2e1ca0ad675a48f3bba0fbdeff1b888f0e74
- SHA256
  
  8314174dacfc1c4f177be8266c78f147621cf577a39742642a76ec27e7b87b02
- SHA512
  
  b9b57ff21735c06f4b3957cdd5a3ab54602a7141f1792de52aea0e6fc41be957070b958ab75b1a26a302b6fb17a02e9a187ad289a6af0c72a5ade43b4bf06e6d
- SSDEEP
  
  49152:RvVhdnYR7v/ZWQqC/KVBCNE4LWKFj7X6YMpYwgzxsDnfu3pbSLIlTrr4z9IE3uju:/2v/ZWrVVYRKyIFCDHuoPHVM2bwYJk
Score

1^/10
behavioral25 behavioral26
- Target
  
  Inject/_internal/select.pyd
- Size
  
  28KB
- MD5
  
  db414debf94abe8d159f42f71fd4c292
- SHA1
  
  1b585a565d6c769a9323885d0f3af2038fb06dfe
- SHA256
  
  2a451074afe05260fc274fba6851f8f96cd46ad32b657d876dd55f237244b6e3
- SHA512
  
  16a35bacd1511a327dd490304b48d7b2b87e906e693283950c46b3ae4da5db1f68d50b937f3e31329d106e92751456a9f31637495b2b8190b5f2a4a49c9146a5
- SSDEEP
  
  768:OYyAU1265whK9HqQOc+VIumGHDG4yjfhs:u86GhWKQOc+VIumGhyj6
Score

1^/10
behavioral27 behavioral28
- Target
  
  Inject/_internal/unicodedata.pyd
- Size
  
  1.1MB
- MD5
  
  8a888fc01d0ed182f4c6e3ddc27665eb
- SHA1
  
  1c5af90831ca65c4ece4c0b23110ad81c28d281c
- SHA256
  
  3efd2cfb8f29e914e002a244b2072ad9ed595abcb9179759020f3a10c9089204
- SHA512
  
  e3f85f612a02681d972f26683ee69b9f454497e0c32e8d44a8cc63fa496604467a3be3cd924fdb503d1eb6c9af030d44c462da0bdffed3d83e6b42c211ddc19a
- SSDEEP
  
  12288:yezMmuZ63NTQCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uom7:yezucZV0m88MMREtV6Vo4uYom7
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

RedLine payload

Executes dropped EXE

RedLine

RedLine payload

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30