redline | b0a89158dea9dcc2316980ad63bd51fe9940d9fb3457ecf103aceeafa6b8dea0 | Triage

Sharing

General

Target

301ff7a420fd0552c93742d4175275c3.exe
Size

263KB
Sample

230214-t5yqxaef84
MD5

301ff7a420fd0552c93742d4175275c3
SHA1

fb56ef9a722c6aa8d4f3466d9d582cacee0d9b2a
SHA256

b0a89158dea9dcc2316980ad63bd51fe9940d9fb3457ecf103aceeafa6b8dea0
SHA512

f752934c917002a8cdc3bd5f1f5e9117658c7cc1b598560c7fc8d211fb93e5ebf301b30bea20e47d9416d2488ab57abaf0a9ccd684405c61e7488816a2d341c8
SSDEEP

6144:wusgrsMWFXLukIGXpKtWQu3OoZlC+59COUo:wnNlL/I2n35l599Uo

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

37.220.87.13:40676

Attributes

auth_value
6a55bb111a7651699b2b1febe113c3ae

Targets

- Target
  
  301ff7a420fd0552c93742d4175275c3.exe
- Size
  
  263KB
- MD5
  
  301ff7a420fd0552c93742d4175275c3
- SHA1
  
  fb56ef9a722c6aa8d4f3466d9d582cacee0d9b2a
- SHA256
  
  b0a89158dea9dcc2316980ad63bd51fe9940d9fb3457ecf103aceeafa6b8dea0
- SHA512
  
  f752934c917002a8cdc3bd5f1f5e9117658c7cc1b598560c7fc8d211fb93e5ebf301b30bea20e47d9416d2488ab57abaf0a9ccd684405c61e7488816a2d341c8
- SSDEEP
  
  6144:wusgrsMWFXLukIGXpKtWQu3OoZlC+59COUo:wnNlL/I2n35l599Uo
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware