redline | a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0 | Triage

Sharing

General

Target

a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
Size

218KB
Sample

221113-tf7yaabf45
MD5

88ac1c2d9500309c4fdb3274f457c013
SHA1

2faffb7ea31e40dad5050d1d66fa1e3c87d123a4
SHA256

a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
SHA512

465e7f3c7b4667290e70767decbf1f55c2391a66a2f625cb348c81a5e2342579ed362bdc460b7c133b5717f3c33c5d4359b60c3a947706af87fc65ae063fc951
SSDEEP

6144:SD+Ane/rMGy8X/emPEbI1wxgg5VEVnqrKgZ:++FMGtPem3KK8GUKgZ

Score

10^/10

redline google2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
- Size
  
  218KB
- MD5
  
  88ac1c2d9500309c4fdb3274f457c013
- SHA1
  
  2faffb7ea31e40dad5050d1d66fa1e3c87d123a4
- SHA256
  
  a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
- SHA512
  
  465e7f3c7b4667290e70767decbf1f55c2391a66a2f625cb348c81a5e2342579ed362bdc460b7c133b5717f3c33c5d4359b60c3a947706af87fc65ae063fc951
- SSDEEP
  
  6144:SD+Ane/rMGy8X/emPEbI1wxgg5VEVnqrKgZ:++FMGtPem3KK8GUKgZ
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegoogle2infostealerspyware