redline | 77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707 | Triage

Sharing

General

Target

77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
Size

218KB
Sample

221113-aagz5ada6w
MD5

280ff0e3d9207d53b6cec62e55354ea0
SHA1

d29e651db88ef0689cd8a82089a9f92de1a4890b
SHA256

77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
SHA512

7ccc36df33b54013db1d640301e2f22750ff23d60420eabfa04cf12680dd23db749574f065dc300a67a6da87cebfca9870fecca94abf87eae7837c81e33da680
SSDEEP

3072:O4Zvc+9TjxAXjGPPg2uEvIzjRnyiUhB6TS/S9uFKVKrHexARcCT2kcmeqjs7GXo:OyUixAGhgh9ucUruu32aHbjKgZ

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
- Size
  
  218KB
- MD5
  
  280ff0e3d9207d53b6cec62e55354ea0
- SHA1
  
  d29e651db88ef0689cd8a82089a9f92de1a4890b
- SHA256
  
  77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
- SHA512
  
  7ccc36df33b54013db1d640301e2f22750ff23d60420eabfa04cf12680dd23db749574f065dc300a67a6da87cebfca9870fecca94abf87eae7837c81e33da680
- SSDEEP
  
  3072:O4Zvc+9TjxAXjGPPg2uEvIzjRnyiUhB6TS/S9uFKVKrHexARcCT2kcmeqjs7GXo:OyUixAGhgh9ucUruu32aHbjKgZ
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware