redline | 803621c32942e7552672bf33873da606623108eb5eae9c0db10d3aefe58fbb3a | Triage

Sharing

General

Target

GhostTool2023.rar
Size

805KB
Sample

241125-1b9dwatphm
MD5

4ad88fd01fa8f1f0680527a9461be60e
SHA1

b08dc1e6f8485e12a311ad359b2bb1607dbfcf07
SHA256

803621c32942e7552672bf33873da606623108eb5eae9c0db10d3aefe58fbb3a
SHA512

5fd52f22db0dea940afaab7b5d27ccc201844f5a655f84a498375bd9806fe03acf475ae75ef6f88d7c42c891ba8374b7e2f74a587ed4a2e6ee0bd9229e339833
SSDEEP

24576:x6L8C/ZYBbC82nuhyVxpOdw5kiPFea/IxsW/Fv:x6L8jbC8nyVxpOdwkiPFT/IOqd

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

C2

195.20.16.27:48665

Targets

- Target
  
  GhostTool.exe
- Size
  
  319KB
- MD5
  
  8ceeb2ef2e4ec57b587f2d17b7bfae47
- SHA1
  
  cbdcc2551e0e99a2429474a7aa41ffc15befea08
- SHA256
  
  5fadd2114a32e2c9cfafe9fc0ee4aec290c2dffda95eb91b40b3b926c26c40d2
- SHA512
  
  5cd19a3eb2b178641826c9a9874c53c539bb529e3938c8cca47865f2b3065f5909152bed135fbc7f551c2da867fd2772f8576c6c0ce199e233be5a3cc9651316
- SSDEEP
  
  3072:ZljFUfBV1GGsXIeyudr/rZ8LLaQdQ9lTz0Ls71EbL3yFWQIxtrcnSEYR9cz0h2mB:ZLI6LdrTZ8fwTwLs7kCsr4m9cgh2fK1
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
behavioral1
- Target
  
  Leaf.xNet.dll
- Size
  
  130KB
- MD5
  
  49f4452ad7279416405b47b2a5376217
- SHA1
  
  039906248cbcf27333dedb64daf47f09d366a597
- SHA256
  
  e89694b043881998ae3c04eacab0e9b1acca726bb006e9f9d6174ec928091fe4
- SHA512
  
  99a1285b4d53d5373290d2aced90257120d9a8de586978e52989ccbcf42730e8a13fa22d84d4db604a257c2a57a5c01f083f5c6e50a496b44ab04342b1490073
- SSDEEP
  
  3072:vKyv8Pa72pzCUvulLI/NZhttaMlMfm4hd:sg6mUvB
Score

1^/10
behavioral2
- Target
  
  Newtonsoft.Json.dll
- Size
  
  659KB
- MD5
  
  4df6c8781e70c3a4912b5be796e6d337
- SHA1
  
  cbc510520fcd85dbc1c82b02e82040702aca9b79
- SHA256
  
  3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
- SHA512
  
  964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c
- SSDEEP
  
  12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn
Score

1^/10
behavioral3
- Target
  
  Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealer

behavioral2

behavioral3

behavioral4