redline | 0b71be5a3866792ef6f5651c5c4cf4efdb164c47b37e176bba89ad75ce7c6106 | Triage

Sharing

General

Target

0b71be5a3866792ef6f5651c5c4cf4efdb164c47b37e176bba89ad75ce7c6106
Size

566KB
Sample

240810-ajameawfnl
MD5

e8112582b2d94ea2f5183a1efb0788cd
SHA1

e1fc9987eb99042a66c17e7e38b0706f08c4a7d1
SHA256

0b71be5a3866792ef6f5651c5c4cf4efdb164c47b37e176bba89ad75ce7c6106
SHA512

42db2c888fae452499e01a60061569207cda5e6ce18ba0ed9265a3f3f2f91ac25e91f6d8c60c1b2b4f6eb197dc6e0d6bc3b4924e22cb637e7ed1b57e324b5d61
SSDEEP

12288:v/e+Ij6ZxVBPYYsVI7/32g+I/EpfvVRsxBw/pr3dSf4Thl4AGnfwajVI9aKZe3Su:u+IGPV1YNVIb2gd5wa

Score

10^/10

redline credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

- Target
  
  0b71be5a3866792ef6f5651c5c4cf4efdb164c47b37e176bba89ad75ce7c6106
- Size
  
  566KB
- MD5
  
  e8112582b2d94ea2f5183a1efb0788cd
- SHA1
  
  e1fc9987eb99042a66c17e7e38b0706f08c4a7d1
- SHA256
  
  0b71be5a3866792ef6f5651c5c4cf4efdb164c47b37e176bba89ad75ce7c6106
- SHA512
  
  42db2c888fae452499e01a60061569207cda5e6ce18ba0ed9265a3f3f2f91ac25e91f6d8c60c1b2b4f6eb197dc6e0d6bc3b4924e22cb637e7ed1b57e324b5d61
- SSDEEP
  
  12288:v/e+Ij6ZxVBPYYsVI7/32g+I/EpfvVRsxBw/pr3dSf4Thl4AGnfwajVI9aKZe3Su:u+IGPV1YNVIb2gd5wa
Score

10^/10

discovery redline credential_access infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinecredential_accessdiscoveryinfostealerspywarestealer