redline | dd4be3093013e1a6b425a449daa9ae6cc6283f9b160208f54262dd98d7adb308 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

220KB
Sample

221115-r6z91sed33
MD5

25f1a2578d2e75a6675da2d0a241bcc6
SHA1

4a9fac02958151667851d4574eb0b49d6e875e41
SHA256

dd4be3093013e1a6b425a449daa9ae6cc6283f9b160208f54262dd98d7adb308
SHA512

066820fc5abe91f7f641fff172a600c7266ae874c4f537b94c3ad0d0fcdd97dc89a58b0cd87e4f3582d4d497fb4d25e303066768f4dbf4a9cb20b58db0927748
SSDEEP

3072:/PkmUG2g4rt1eyjA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYc1E:E9VgQLsgMqFl2cMlScQq192e+Cfq/

Score

10^/10

redline 711 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

redline 711 infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline 711 infostealer spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

711

C2

194.110.203.100:32796

Attributes

auth_value
24e3340d853c89cad1e25194559ee778

Targets

- Target
  
  file.exe
- Size
  
  220KB
- MD5
  
  25f1a2578d2e75a6675da2d0a241bcc6
- SHA1
  
  4a9fac02958151667851d4574eb0b49d6e875e41
- SHA256
  
  dd4be3093013e1a6b425a449daa9ae6cc6283f9b160208f54262dd98d7adb308
- SHA512
  
  066820fc5abe91f7f641fff172a600c7266ae874c4f537b94c3ad0d0fcdd97dc89a58b0cd87e4f3582d4d497fb4d25e303066768f4dbf4a9cb20b58db0927748
- SSDEEP
  
  3072:/PkmUG2g4rt1eyjA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYc1E:E9VgQLsgMqFl2cMlScQq192e+Cfq/
Score

10^/10

redline 711 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline711infostealerspyware

behavioral2

redline711infostealerspyware

© 2018-2024

Terms | Privacy