redline | 56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d | Triage

Sharing

General

Target

56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d
Size

220KB
Sample

221115-nf8lxsdf25
MD5

2e16dfb89abc59fd0989baad129963ac
SHA1

7cf7730705d5d3fd270979e2c830372f7915ca0a
SHA256

56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d
SHA512

733d35eb2bac730c6ca214ef29a219490130f3db867a6b8715eb5d7630873b771f4bbb32ca5c9d488aaef222016bf3a0164983d4e8bde0ae389c1c4643141ce3
SSDEEP

3072:6PkmUG2g4rt1eyMA/VkVt01U5yfFzqjVvi5+/IpJAcQqiB8nhx92eeZDyYc1H+/:L9VgQLDsZmFGVw+/I3AcQqF2eCC9+/

Score

10^/10

redline new1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

New1

C2

89.23.96.39:44465

Attributes

auth_value
da0f38445d4388aa8d9d8d856edbd407

Targets

- Target
  
  56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d
- Size
  
  220KB
- MD5
  
  2e16dfb89abc59fd0989baad129963ac
- SHA1
  
  7cf7730705d5d3fd270979e2c830372f7915ca0a
- SHA256
  
  56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d
- SHA512
  
  733d35eb2bac730c6ca214ef29a219490130f3db867a6b8715eb5d7630873b771f4bbb32ca5c9d488aaef222016bf3a0164983d4e8bde0ae389c1c4643141ce3
- SSDEEP
  
  3072:6PkmUG2g4rt1eyMA/VkVt01U5yfFzqjVvi5+/IpJAcQqiB8nhx92eeZDyYc1H+/:L9VgQLDsZmFGVw+/I3AcQqF2eCC9+/
Score

10^/10

redline new1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenew1infostealerspyware