redline | 7ec3def21987a3b85ece7fa9b66cafde648c486b29a15b496240c44923ff43c5 | Triage

Sharing

General

Target

NеwInstV2.exe
Size

604KB
Sample

240825-qms6xsxhlk
MD5

4c9dd2c461a4ea02feab57b233d2392b
SHA1

ff62489c5f4b9fbc290d39f91be74d81f975768c
SHA256

7ec3def21987a3b85ece7fa9b66cafde648c486b29a15b496240c44923ff43c5
SHA512

49d1b306ebc5795a0483fc1d6289df0e815a39e5b937fd638d2a642db263438dd4fe684b7b27ed47b4dee3d76af7c06434ccfb8ce8ff55107bb321ee799ff04e
SSDEEP

12288:VXNJxllbWJnR99Midg6HV78DwQA7fxxYHtK/+4B0guMItbBQsD263S/cUqjbkjmy:VXs957g613QAjN

Score

10^/10

redline credential_access discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

- Target
  
  NеwInstV2.exe
- Size
  
  604KB
- MD5
  
  4c9dd2c461a4ea02feab57b233d2392b
- SHA1
  
  ff62489c5f4b9fbc290d39f91be74d81f975768c
- SHA256
  
  7ec3def21987a3b85ece7fa9b66cafde648c486b29a15b496240c44923ff43c5
- SHA512
  
  49d1b306ebc5795a0483fc1d6289df0e815a39e5b937fd638d2a642db263438dd4fe684b7b27ed47b4dee3d76af7c06434ccfb8ce8ff55107bb321ee799ff04e
- SSDEEP
  
  12288:VXNJxllbWJnR99Midg6HV78DwQA7fxxYHtK/+4B0guMItbBQsD263S/cUqjbkjmy:VXs957g613QAjN
Score

10^/10

discovery redline credential_access infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinecredential_accessdiscoveryinfostealerspywarestealer