redline | bb6bebc2da9a2e1fbca123f3955327973c06cbad06e76be306c3446195bc5d74 | Triage

Sharing

General

Target

bb6bebc2da9a2e1fbca123f3955327973c06cbad06e76be306c3446195bc5d74
Size

2.4MB
Sample

221027-mvfn1sbhb3
MD5

27c7f7f9888b6ceeb0ece73684a19d47
SHA1

309ea2db106eefb950c0b5346795961c0bb04621
SHA256

bb6bebc2da9a2e1fbca123f3955327973c06cbad06e76be306c3446195bc5d74
SHA512

b8f08d602f3b842a8024d527fd3b878bd65d6585942739024bccd3e05ee4068e7bdc55dbdd6751664faad00f36344249018a21694d879f1aa35df67d649e92b3
SSDEEP

49152:0crNlCMvYd7T7FJ9Sp5CT8+Uc2pZpkLyXOnuw8JJvMZauuV0ZG:0crNMFJ9I5EOpZORhEJudG

Score

10^/10

redline 1310 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

auth_value
feb5f5c29913f32658637e553762a40e

Targets

- Target
  
  bb6bebc2da9a2e1fbca123f3955327973c06cbad06e76be306c3446195bc5d74
- Size
  
  2.4MB
- MD5
  
  27c7f7f9888b6ceeb0ece73684a19d47
- SHA1
  
  309ea2db106eefb950c0b5346795961c0bb04621
- SHA256
  
  bb6bebc2da9a2e1fbca123f3955327973c06cbad06e76be306c3446195bc5d74
- SHA512
  
  b8f08d602f3b842a8024d527fd3b878bd65d6585942739024bccd3e05ee4068e7bdc55dbdd6751664faad00f36344249018a21694d879f1aa35df67d649e92b3
- SSDEEP
  
  49152:0crNlCMvYd7T7FJ9Sp5CT8+Uc2pZpkLyXOnuw8JJvMZauuV0ZG:0crNMFJ9I5EOpZORhEJudG
Score

10^/10

redline 1310 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1310infostealerspyware