redline | 3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290 | Triage

Sharing

General

Target

3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
Size

218KB
Sample

221113-n666sabb42
MD5

3de8df56c864e0f5a715f0a1e9383c48
SHA1

c4d5f366616430ecc5ab0123803b7586fcd90943
SHA256

3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
SHA512

88639641215375669dc56a5b0504b247b089848abcd0a2a901090f026f26928d8e5933b756fe9400f62f5579b94c7bc22e18fe83c25a99268686cca0ab29fdbc
SSDEEP

6144:51QWVkgiFkldDpJ1YHuFfWBCVt6PoKgZ:DQCDpvnFfWwmPoKgZ

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
- Size
  
  218KB
- MD5
  
  3de8df56c864e0f5a715f0a1e9383c48
- SHA1
  
  c4d5f366616430ecc5ab0123803b7586fcd90943
- SHA256
  
  3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
- SHA512
  
  88639641215375669dc56a5b0504b247b089848abcd0a2a901090f026f26928d8e5933b756fe9400f62f5579b94c7bc22e18fe83c25a99268686cca0ab29fdbc
- SSDEEP
  
  6144:51QWVkgiFkldDpJ1YHuFfWBCVt6PoKgZ:DQCDpvnFfWwmPoKgZ
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware