redline | e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af | Triage

Sharing

General

Target

e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af
Size

2.4MB
Sample

221029-kyf3vaagap
MD5

2c6f646f0757dfc55776b6a5c99e4a6d
SHA1

bbe5541e23524ce04558293962b87e144e39892b
SHA256

e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af
SHA512

23b7cf8e8de5a26ea0f162969eefca7a7f005f67493938c62c32e7210cb1a2d5f3d97e09232a41ada6512353915a37b2fc4701cb2c941073a398722a682392a5
SSDEEP

49152:CyByhf6eqFDEaSPiVCTh/ouN8s7LaI/p4hpH+/u/DkmH:CyByhf6eqFDEaGiVEBiqvSSG/bH

Score

10^/10

redline 1310 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

auth_value
feb5f5c29913f32658637e553762a40e

Targets

- Target
  
  e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af
- Size
  
  2.4MB
- MD5
  
  2c6f646f0757dfc55776b6a5c99e4a6d
- SHA1
  
  bbe5541e23524ce04558293962b87e144e39892b
- SHA256
  
  e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af
- SHA512
  
  23b7cf8e8de5a26ea0f162969eefca7a7f005f67493938c62c32e7210cb1a2d5f3d97e09232a41ada6512353915a37b2fc4701cb2c941073a398722a682392a5
- SSDEEP
  
  49152:CyByhf6eqFDEaSPiVCTh/ouN8s7LaI/p4hpH+/u/DkmH:CyByhf6eqFDEaGiVEBiqvSSG/bH
Score

10^/10

redline 1310 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1310infostealerspyware