redline | fd2847c74765de2076a219440e24aef4b05c6ae7b78bcfadc35b0f1506cd50cd | Triage

Sharing

General

Target

fd2847c74765de2076a219440e24aef4b05c6ae7b78bcfadc35b0f1506cd50cd
Size

2.4MB
Sample

221031-zcbnkadfer
MD5

6510052bdaf4bada1712740814a0d258
SHA1

51e9d4c892125c6494ac50ac14a6942cf8727bd6
SHA256

fd2847c74765de2076a219440e24aef4b05c6ae7b78bcfadc35b0f1506cd50cd
SHA512

002e229c04ddc1a1746c6e48edccc0095fa48eec03f766c9ee38d1601171ab918602064c22e25e9ab5bdca6f4fea84605fd2eaeaf0503ca44d492c123b1f7cf6
SSDEEP

49152:DKz6CXjT9N7UgvOmU2V1/2mcrR7yurh6XK1Rw:DKz6+jnbOmU2V1/ZLurhxLw

Score

10^/10

redline 1310 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

auth_value
feb5f5c29913f32658637e553762a40e

Targets

- Target
  
  fd2847c74765de2076a219440e24aef4b05c6ae7b78bcfadc35b0f1506cd50cd
- Size
  
  2.4MB
- MD5
  
  6510052bdaf4bada1712740814a0d258
- SHA1
  
  51e9d4c892125c6494ac50ac14a6942cf8727bd6
- SHA256
  
  fd2847c74765de2076a219440e24aef4b05c6ae7b78bcfadc35b0f1506cd50cd
- SHA512
  
  002e229c04ddc1a1746c6e48edccc0095fa48eec03f766c9ee38d1601171ab918602064c22e25e9ab5bdca6f4fea84605fd2eaeaf0503ca44d492c123b1f7cf6
- SSDEEP
  
  49152:DKz6CXjT9N7UgvOmU2V1/2mcrR7yurh6XK1Rw:DKz6+jnbOmU2V1/ZLurhxLw
Score

10^/10

redline 1310 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1310infostealerspyware