redline | 74ae0102c4050421d0c81c0e96627b39f2004e2456845a43cdf6280c06f4ee64 | Triage

Sharing

General

Target

74ae0102c4050421d0c81c0e96627b39f2004e2456845a43cdf6280c06f4ee64
Size

472KB
Sample

221107-tz3snsabal
MD5

4f784fd650c865f8363b7f314c20f4be
SHA1

b1f016318068a4c59960254ca7560cfba550cd5c
SHA256

74ae0102c4050421d0c81c0e96627b39f2004e2456845a43cdf6280c06f4ee64
SHA512

c5abcd28932273def39c57210ef266b7a83898d9c02e3597c9d5a62e193acdafd0efce983c8ace838982110451276c63a3267d9569e08f6855da3d75b2acaec0
SSDEEP

12288:S9s1Nb4P/ngZepriWeB7Ix0nV654ve3ySYX0vO+5N42FeVxCNm1arFSB+:BLsP/nuoaICV654ve3ySYX0vO+5N42FF

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

157.90.145.151:14075

Attributes

auth_value
197a8d2e248bee4495c3db7cbfdf6d3d

Targets

- Target
  
  74ae0102c4050421d0c81c0e96627b39f2004e2456845a43cdf6280c06f4ee64
- Size
  
  472KB
- MD5
  
  4f784fd650c865f8363b7f314c20f4be
- SHA1
  
  b1f016318068a4c59960254ca7560cfba550cd5c
- SHA256
  
  74ae0102c4050421d0c81c0e96627b39f2004e2456845a43cdf6280c06f4ee64
- SHA512
  
  c5abcd28932273def39c57210ef266b7a83898d9c02e3597c9d5a62e193acdafd0efce983c8ace838982110451276c63a3267d9569e08f6855da3d75b2acaec0
- SSDEEP
  
  12288:S9s1Nb4P/ngZepriWeB7Ix0nV654ve3ySYX0vO+5N42FeVxCNm1arFSB+:BLsP/nuoaICV654ve3ySYX0vO+5N42FF
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware