redline | 67380732347b7296e8e79d81f7652149b3e2dec92934d37e3f71b287e9400430 | Triage

Sharing

General

Target

67380732347b7296e8e79d81f7652149b3e2dec92934d37e3f71b287e9400430
Size

257KB
Sample

221106-jwqntsbaa7
MD5

39439857858948cfb4bba054c2ad3b84
SHA1

1c2af2b71490c6fa86a8c1d542fd4a629b280eb5
SHA256

67380732347b7296e8e79d81f7652149b3e2dec92934d37e3f71b287e9400430
SHA512

efbf2d10923b9c24470b506d2dec131d5a0d458803b60697745c77aa22e36587faa09bb61b0e95dbe2e9d965b8b4bcb8f8985fb879d598cda23ee3d830140dc8
SSDEEP

6144:5vwUOaYbwWP26xYEqNDJX+3hC32uYGPn+gDPqi/9ANo+A:5vwUOaYbdqNDt+3hCEgDPp/9khA

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  67380732347b7296e8e79d81f7652149b3e2dec92934d37e3f71b287e9400430
- Size
  
  257KB
- MD5
  
  39439857858948cfb4bba054c2ad3b84
- SHA1
  
  1c2af2b71490c6fa86a8c1d542fd4a629b280eb5
- SHA256
  
  67380732347b7296e8e79d81f7652149b3e2dec92934d37e3f71b287e9400430
- SHA512
  
  efbf2d10923b9c24470b506d2dec131d5a0d458803b60697745c77aa22e36587faa09bb61b0e95dbe2e9d965b8b4bcb8f8985fb879d598cda23ee3d830140dc8
- SSDEEP
  
  6144:5vwUOaYbwWP26xYEqNDJX+3hC32uYGPn+gDPqi/9ANo+A:5vwUOaYbdqNDt+3hCEgDPp/9khA
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware