redline | 1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35 | Triage

Sharing

General

Target

1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
Size

242KB
Sample

221112-tfwv1sge98
MD5

4f631724394e402ac41744521eadeeab
SHA1

6110301f4cdf7344ba804aa0fe095666bda37446
SHA256

1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
SHA512

e1532da10430fb11811d2e98a1a9359c8a79cfe08ec26da824daa6e29db45c14102881a0d2f3e2915fabd956b045619fbd176a097081607bf9487963dff24edf
SSDEEP

6144:1EV/oJY6gZme/6ZM8GISMPCiDmLD3e507bNU:2V/oJGUSNbee7bNU

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
- Size
  
  242KB
- MD5
  
  4f631724394e402ac41744521eadeeab
- SHA1
  
  6110301f4cdf7344ba804aa0fe095666bda37446
- SHA256
  
  1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
- SHA512
  
  e1532da10430fb11811d2e98a1a9359c8a79cfe08ec26da824daa6e29db45c14102881a0d2f3e2915fabd956b045619fbd176a097081607bf9487963dff24edf
- SSDEEP
  
  6144:1EV/oJY6gZme/6ZM8GISMPCiDmLD3e507bNU:2V/oJGUSNbee7bNU
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware