redline | 72df011a0d070995fcb6337bca285b3baeb03332753c8cce09c5729205513a15 | Triage

Sharing

General

Target

WeaverV2.exe
Size

340KB
Sample

240525-yyefxagg5t
MD5

d141432ff2210bcbd754b1ee53eba033
SHA1

7312d57236bbad8f2011e6e7ee6d90bfaa6fb3e6
SHA256

72df011a0d070995fcb6337bca285b3baeb03332753c8cce09c5729205513a15
SHA512

a830f6e6c3fd4becf376fcaa9be5c0e6031f3de0d0de26076f5410e8b56e80ee70d705826da43a0e675b78709d4d832d3270dc83afa8ad79316bb53fca039143
SSDEEP

6144:6/prWijUFYVz2uIkRuq3RVaNWi3wd9S6/KyRZ9WnXkbBfmvDTw9:E6iwGYwuKVus9S6/KyRZ9WnXkbBfmvDw

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

194.26.232.43:20746

Targets

- Target
  
  WeaverV2.exe
- Size
  
  340KB
- MD5
  
  d141432ff2210bcbd754b1ee53eba033
- SHA1
  
  7312d57236bbad8f2011e6e7ee6d90bfaa6fb3e6
- SHA256
  
  72df011a0d070995fcb6337bca285b3baeb03332753c8cce09c5729205513a15
- SHA512
  
  a830f6e6c3fd4becf376fcaa9be5c0e6031f3de0d0de26076f5410e8b56e80ee70d705826da43a0e675b78709d4d832d3270dc83afa8ad79316bb53fca039143
- SSDEEP
  
  6144:6/prWijUFYVz2uIkRuq3RVaNWi3wd9S6/KyRZ9WnXkbBfmvDTw9:E6iwGYwuKVus9S6/KyRZ9WnXkbBfmvDw
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineinfostealerspyware