redline | 30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151 | Triage

Sharing

General

Target

Discord.exe
Size

175KB
Sample

220810-n3r8fsbgb7
MD5

b276d1d3b95d8c2f813c52031b583aae
SHA1

7b7d8c4eeb1d0e3b3e95c2bfa5c4e168ae080d21
SHA256

30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151
SHA512

deeb3f0a54f1714a9636c71a8b070c17deefcb06fd530951cdb121aefef94bdede4a3404ced4bdd4368bc99a7f1438ae175c063ea335ba895dd6cb383cf31f06

Score

10^/10

redline word infostealer ransomware_note spyware

Malware Config

Extracted

Family

redline

Botnet

word

C2

81.19.141.20:31338

Attributes

auth_value
3f5c83b2e97fa6c2f6a051fc94b43620

Targets

- Target
  
  Discord.exe
- Size
  
  175KB
- MD5
  
  b276d1d3b95d8c2f813c52031b583aae
- SHA1
  
  7b7d8c4eeb1d0e3b3e95c2bfa5c4e168ae080d21
- SHA256
  
  30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151
- SHA512
  
  deeb3f0a54f1714a9636c71a8b070c17deefcb06fd530951cdb121aefef94bdede4a3404ced4bdd4368bc99a7f1438ae175c063ea335ba895dd6cb383cf31f06
Score

10^/10

redline word infostealer spyware ransomware_note
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Often Ransomware samples write a note containing information on how to pay the ransom.
  Often Ransomware samples write a note containing information on how to pay the ransom.
  ransomware_note
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinewordinfostealerspyware

behavioral2

redlinewordinfostealerransomware_notespyware