redline | f3c2059a2c503ad0973a4b8918eb2792ae1f22731c43a48311b6142e45898178 | Triage

Sharing

General

Target

f3c2059a2c503ad0973a4b8918eb2792ae1f22731c43a48311b6142e45898178
Size

2.6MB
Sample

221014-nx575adch6
MD5

4d9b4d4495d2db63e77c4c2bd67dc8a5
SHA1

ef8ed65f2c3543e1daebc91f2dd4feaa1d0f4b04
SHA256

f3c2059a2c503ad0973a4b8918eb2792ae1f22731c43a48311b6142e45898178
SHA512

5e6a318da88611dafb7a16775048e04f6df28cc5935014baf063b98f65327ab142e5a08719368f1bf14cb1ff92c85d45d39c23be21669f5b0aa91de9172195a9
SSDEEP

24576:KNJHeg42DvdN+YVYYIwnTuMOJSSRd9PlUkNdYcF66XY88QZ7qK6TXFLBzfIWAl31:8NegdDvdYHVYcFxXYQ7qK6TXF1r7Al31

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

193.106.191.160:8673

Attributes

auth_value
b452e7074eb79e37fc942576d3e3c701

Targets

- Target
  
  f3c2059a2c503ad0973a4b8918eb2792ae1f22731c43a48311b6142e45898178
- Size
  
  2.6MB
- MD5
  
  4d9b4d4495d2db63e77c4c2bd67dc8a5
- SHA1
  
  ef8ed65f2c3543e1daebc91f2dd4feaa1d0f4b04
- SHA256
  
  f3c2059a2c503ad0973a4b8918eb2792ae1f22731c43a48311b6142e45898178
- SHA512
  
  5e6a318da88611dafb7a16775048e04f6df28cc5935014baf063b98f65327ab142e5a08719368f1bf14cb1ff92c85d45d39c23be21669f5b0aa91de9172195a9
- SSDEEP
  
  24576:KNJHeg42DvdN+YVYYIwnTuMOJSSRd9PlUkNdYcF66XY88QZ7qK6TXFLBzfIWAl31:8NegdDvdYHVYcFxXYQ7qK6TXF1r7Al31
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware