redline | 58a66aa9c574bcbf81e7b26cd026fe3f0a132754315c4b5d4302e6cd093d6e65 | Triage

Sharing

General

Target

c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.zip
Size

116KB
Sample

221113-qn3fzsed5y
MD5

803bf1c55f3e6e2eee0e01447c1f5236
SHA1

5329f7fcea135cd4a25fefd4d6894db542c09d87
SHA256

58a66aa9c574bcbf81e7b26cd026fe3f0a132754315c4b5d4302e6cd093d6e65
SHA512

3ac07e5865fa95f9d7fa4ac876e1cb8c85ab25ade0c48d3e1b14c3b3d7dedbb3e746754e1ef7bad51c666b977e05d454162c6a1bfc076d5e1076076cc27ba216
SSDEEP

1536:8OVmeBlcPruzxn/CWBl4KwxNRR7QNwkFPgkt40St5GIXacNRNj4ARw2ThCck:8ylcPrutZ6dR23t4ZMcNTj41QIck

Score

10^/10

redline 4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

4

C2

176.124.201.56:25784

Attributes

auth_value
1f101d9c1105a19254187500b2403d48

Targets

- Target
  
  c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
- Size
  
  282KB
- MD5
  
  df9005eaec4232a802cb205ddafce262
- SHA1
  
  90a545934efd744c7314d90d749f7249ddc40011
- SHA256
  
  c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b
- SHA512
  
  e1f61d7280f58c68c823ee82d74ffa56a7d59ac229754a39721f9396bdc2a9b5ddc29ac927fb4618cd8fe6387392f9bee20f79f8047741f8b9cac662e91dd4e7
- SSDEEP
  
  6144:7pLDN9eNbG2OeBdfvcMtamj7EVYDWKgoAK0lT:7pLDN9eM27/qQW8ANl
Score

10^/10

redline 4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline4infostealerspyware

behavioral2

redline4infostealerspyware