redline | 4364de716ce73899bb82c0417a2cae748854be8db7ef7cc9fc9ca47b2f8031a0 | Triage

Sharing

General

Target

file.exe
Size

332KB
Sample

221111-zjptrsec5w
MD5

649f5856a0a8a90bbaf2184acdc6c28e
SHA1

ceb606fee39b49a984840d049fe8e66c368926ec
SHA256

4364de716ce73899bb82c0417a2cae748854be8db7ef7cc9fc9ca47b2f8031a0
SHA512

d3bcafbfb869a497563e96f47e404bb171cb585a3277e9b277710a5360e582b038eb280e963de8ce2ff93424891322965162e8210a1de0ca38f74ff88d02e7f7
SSDEEP

3072:8ZthlXskGHJwAp4fVIXXle0CfFm9hA8P5epcVQ3sYMzPmWbFl68OMwDO4pZE0GRT:8ZpshplCV6VexfcWOcDOsEZRLG/k

Score

10^/10

redline @andriii_f infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@andriii_f

C2

185.173.36.94:31511

Attributes

auth_value
6eb1d25f0a98fab37914f41dd85e7bb0

Targets

- Target
  
  file.exe
- Size
  
  332KB
- MD5
  
  649f5856a0a8a90bbaf2184acdc6c28e
- SHA1
  
  ceb606fee39b49a984840d049fe8e66c368926ec
- SHA256
  
  4364de716ce73899bb82c0417a2cae748854be8db7ef7cc9fc9ca47b2f8031a0
- SHA512
  
  d3bcafbfb869a497563e96f47e404bb171cb585a3277e9b277710a5360e582b038eb280e963de8ce2ff93424891322965162e8210a1de0ca38f74ff88d02e7f7
- SSDEEP
  
  3072:8ZthlXskGHJwAp4fVIXXle0CfFm9hA8P5epcVQ3sYMzPmWbFl68OMwDO4pZE0GRT:8ZpshplCV6VexfcWOcDOsEZRLG/k
Score

10^/10

redline @andriii_f infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@andriii_finfostealerspyware

behavioral2

redline@andriii_finfostealerspyware