redline | d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69 | Triage

Sharing

General

Target

d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
Size

218KB
Sample

221112-yq66yscd6t
MD5

71ca99e5234f6246fa13d973328208de
SHA1

5ef1d50b5b346f39494454fcd0b14f66a15dc953
SHA256

d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
SHA512

9d3f27782a7e8ab09ce2b69c1a6a72f10852dc8dca7348b2043571ccd1da70bae6ef6b4cbebfe429daf18ccfa6d5705a846176ec0398483c35bb6135e4d77e33
SSDEEP

3072:04Zvc+9TjxAXjGPPOOEGrdCQVyk39ZJLQidd16KZS3uQ78I29vlawhmN1KgZ:0yUixAY1dPVyk1kikoS3uQBtN1KgZ

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
- Size
  
  218KB
- MD5
  
  71ca99e5234f6246fa13d973328208de
- SHA1
  
  5ef1d50b5b346f39494454fcd0b14f66a15dc953
- SHA256
  
  d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
- SHA512
  
  9d3f27782a7e8ab09ce2b69c1a6a72f10852dc8dca7348b2043571ccd1da70bae6ef6b4cbebfe429daf18ccfa6d5705a846176ec0398483c35bb6135e4d77e33
- SSDEEP
  
  3072:04Zvc+9TjxAXjGPPOOEGrdCQVyk39ZJLQidd16KZS3uQ78I29vlawhmN1KgZ:0yUixAY1dPVyk1kikoS3uQBtN1KgZ
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware