redline | 0ba193df984d3da6993e7a0b84561adca005c7f2c7c2155d3defb07618ef7740 | Triage

Sharing

General

Target

0ba193df984d3da6993e7a0b84561adca005c7f2c7c2155d3defb07618ef7740
Size

2.5MB
Sample

221102-n4yrmacdbq
MD5

1b426b8e9942376e03543222863d29ae
SHA1

efaa1061619b6c82489db46a45d6b99a4c2ef2b2
SHA256

0ba193df984d3da6993e7a0b84561adca005c7f2c7c2155d3defb07618ef7740
SHA512

73c30d9d21f1206f383c08b0a2b6a432839592b3954cb602daaefc7a865c63860cb139ddc92a1a8c50103d78b9089972fc8edd6c082d455b90c5476a9d22d3ea
SSDEEP

49152:5ZqUuXj4r5Du2GIz+rgMw5obPxjDo27t+pszaId/FSKzNeU25jsN+NA:5QU04VqIz+rgxEPxjHzaI5FSK4Dg8u

Score

10^/10

redline 1310 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

auth_value
feb5f5c29913f32658637e553762a40e

Targets

- Target
  
  0ba193df984d3da6993e7a0b84561adca005c7f2c7c2155d3defb07618ef7740
- Size
  
  2.5MB
- MD5
  
  1b426b8e9942376e03543222863d29ae
- SHA1
  
  efaa1061619b6c82489db46a45d6b99a4c2ef2b2
- SHA256
  
  0ba193df984d3da6993e7a0b84561adca005c7f2c7c2155d3defb07618ef7740
- SHA512
  
  73c30d9d21f1206f383c08b0a2b6a432839592b3954cb602daaefc7a865c63860cb139ddc92a1a8c50103d78b9089972fc8edd6c082d455b90c5476a9d22d3ea
- SSDEEP
  
  49152:5ZqUuXj4r5Du2GIz+rgMw5obPxjDo27t+pszaId/FSKzNeU25jsN+NA:5QU04VqIz+rgxEPxjHzaI5FSK4Dg8u
Score

10^/10

redline 1310 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1310infostealerspyware