redline | e0b6712565018f30a97cce0297b20d491fd2424d09eaa64ca385758f48d6f723 | Triage

Sharing

General

Target

Setup.zip
Size

78.0MB
Sample

221103-1alanahebj
MD5

df1718942d28ba72f7a428e9b4abcbda
SHA1

a1b4b82ce5299583b7d97d4f32185977fcb8f747
SHA256

e0b6712565018f30a97cce0297b20d491fd2424d09eaa64ca385758f48d6f723
SHA512

885fb91df1f922e2d3fad6a69c7561097cc6e436a033d280a09faf4c1066151ada7f5ccfb2ee3bd58a223047dcf5f919de6cfb65118735e0659a81ba0fa3fdda
SSDEEP

1572864:PZIF/W+2Oq5ggbNx0N9zaZIF/W+2Oq5ggbNxUgI6ZIF/W+2Oq5ggbNx1r51y:PkWTOqOOkN4kWTOqOOkf6kWTOqOOlrC

Score

10^/10

redline 1248769308_99 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1248769308_99

C2

spartanlivestyle.xyz:28786

Attributes

auth_value
c363f8560ff21ea7f695ac60c01c4f74

Targets

- Target
  
  Setup.exe
- Size
  
  739.9MB
- MD5
  
  da03cbe050932b35ccb6eb09eddae4f8
- SHA1
  
  1cc5786cdf9cd4c09d33b89c0ef8ec83d719d050
- SHA256
  
  6b7f08cef7e04fc59d680cc4151cd00fa0c3366ee30f9e42534822c61906bcdf
- SHA512
  
  a6dda04f333c9e6350976b629a73acb5db4b0cc9e0556960fccb32752010239ca20600686533d2ea0b766da30c9237fbb990bcae6d39e70b2440148b0619f1a6
- SSDEEP
  
  3072:TbVLPY8Oqb1GXtquUbPFieoqDJMxU4vTmjiYwqRTsaBuJHPNXJ5xaJVYYPwioGu+:tDd0XtjlxU3BglPN55xowixuYH
Score

10^/10

redline 1248769308_99 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1248769308_99infostealerspyware

behavioral2

redline1248769308_99infostealerspyware