redline | 85c8f486b596da3c33a930edf5f9d0b69fc5b97fc04c9b77a57d9897e87aa19a | Triage

Sharing

General

Target

Arkham.zip
Size

5.2MB
Sample

240704-18altavcjh
MD5

dd5dd6ad3bad772105756b1aa73c76cb
SHA1

5cf7316b8b593aebe3aa152cfb43d9e020f3c61f
SHA256

85c8f486b596da3c33a930edf5f9d0b69fc5b97fc04c9b77a57d9897e87aa19a
SHA512

9056562e0c4c4c02adbee0b7092b1abd1bc62f7b600fbe23b941fc4084a4cbc83e9b75baa0714cbdb1ff34888f7ac27b568c9731f43be579e9fbf0882b787bd9
SSDEEP

98304:d65Ept5BBItcDmdFJAC5odya7GCgCG8aU1LfJ+x7PBLzkmC8u:d5pbIv8Mra7GCgCGaLwkX8u

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

- Target
  
  In3ectorV1.exe
- Size
  
  551KB
- MD5
  
  ac851bb81a963de27c74522d6a9e0cbb
- SHA1
  
  3d26455b87da973a2d25063e64365ca8398b34d8
- SHA256
  
  7f354d6ccb201b2976290ccb26a18d06fef7f046a4706931a07deff8fa7043e9
- SHA512
  
  aee0093465fb554dcfa24d65bf668c9daad55cccbb3876d4a0982f024fa89e939567b3ec27db7a992b33b3bc70b1f2d1e4a6e0818f060fcd426ebe03b759c5b7
- SSDEEP
  
  12288:83vt2Yxj+paCZe0xJRy9jWmLW1nC/vTElL/NY1vjNh/PDhv4YUDjfNFZvcGN79/I:+DSPDxJRy9ikH/vTEW
Score

7^/10
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  In3ectorV2.exe
- Size
  
  499KB
- MD5
  
  3de9da89a65757146e44526b02c98748
- SHA1
  
  599c7352d720217836cf021c04c2d3241c0ba32e
- SHA256
  
  b538f4dda3df16f678fc4594f5b6e5c04cd191469b4688307b8eaf129b056a7d
- SHA512
  
  6f14759f34b84fa12b0d943be2a652a74e02f05f320db8d2978e33336bcb989434d6587a7cffe9f069793b74327148f0dd45fa01116de2ed22dc90b7d4b46203
- SSDEEP
  
  12288:jQKgte6BNg3HZgXUk0ineVZV2cA4jkeSRdFiDB4GhYVmAf5syDQhVAmNezXKSK2w:cKgI6B2Zl
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

redlineinfostealerspyware