redline | fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b | Triage

Sharing

General

Target

fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
Size

590KB
Sample

221115-cstsraee75
MD5

d83c68b004860f9df81e16471daef592
SHA1

b0f94bcaa4c806b9a35d7b8762c0ec5abf25ae9c
SHA256

fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
SHA512

a716c0d6069b40b5e829a2555fa7b834ceb06de52837ab512ef2915b4a9bfe225a0e10c40a2f44fac636b15a42b87c701c0ad4a81ea840d09e3e7b4ceadaf084
SSDEEP

12288:UqCRbKWcTFDCoXBSP8edJk0/9yVnuYptBP5xwVQjjw:Uf0SPJdJJ9MjPfwVQjU

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

107.182.129.73:21733

Attributes

auth_value
3a5bb0917495b4312d052a0b8977d2bb

Targets

- Target
  
  fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
- Size
  
  590KB
- MD5
  
  d83c68b004860f9df81e16471daef592
- SHA1
  
  b0f94bcaa4c806b9a35d7b8762c0ec5abf25ae9c
- SHA256
  
  fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
- SHA512
  
  a716c0d6069b40b5e829a2555fa7b834ceb06de52837ab512ef2915b4a9bfe225a0e10c40a2f44fac636b15a42b87c701c0ad4a81ea840d09e3e7b4ceadaf084
- SSDEEP
  
  12288:UqCRbKWcTFDCoXBSP8edJk0/9yVnuYptBP5xwVQjjw:Uf0SPJdJJ9MjPfwVQjU
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1infostealerspyware