redline | 29f6ad19e14d59373300e33c896804b2d04030480ea958760143e01a0c4dcc04 | Triage

Sharing

General

Target

29f6ad19e14d59373300e33c896804b2d04030480ea958760143e01a0c4dcc04
Size

2.4MB
Sample

221027-tjkxxscfg4
MD5

6a4704a7b824557501fbb55ff72ee656
SHA1

22a1e49dfd99dcf366a57e28fee64107bb07b3ff
SHA256

29f6ad19e14d59373300e33c896804b2d04030480ea958760143e01a0c4dcc04
SHA512

e6414d2f3a881eb07a851d497310589d20bf94e515a3e0879fd7c17d4179fa7fc2776b1c2d1bb11562c603637c18dd680fd4cbd4b2eb8b4a56e7a1a25f9b9298
SSDEEP

49152:2AUvs6sW9dCVCCTuQILjBD40mY7ITzrQVmX7ZWLaFyciC0h:2AUvs6sWjCgE+LFDuY79e1WLkyc0h

Score

10^/10

redline 1310 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

auth_value
feb5f5c29913f32658637e553762a40e

Targets

- Target
  
  29f6ad19e14d59373300e33c896804b2d04030480ea958760143e01a0c4dcc04
- Size
  
  2.4MB
- MD5
  
  6a4704a7b824557501fbb55ff72ee656
- SHA1
  
  22a1e49dfd99dcf366a57e28fee64107bb07b3ff
- SHA256
  
  29f6ad19e14d59373300e33c896804b2d04030480ea958760143e01a0c4dcc04
- SHA512
  
  e6414d2f3a881eb07a851d497310589d20bf94e515a3e0879fd7c17d4179fa7fc2776b1c2d1bb11562c603637c18dd680fd4cbd4b2eb8b4a56e7a1a25f9b9298
- SSDEEP
  
  49152:2AUvs6sW9dCVCCTuQILjBD40mY7ITzrQVmX7ZWLaFyciC0h:2AUvs6sWjCgE+LFDuY79e1WLkyc0h
Score

10^/10

redline 1310 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1310infostealerspyware