redline | e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30 | Triage

Sharing

General

Target

e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
Size

234KB
Sample

221115-te9qgsad9z
MD5

ebe1870be2fa78527fec23e2100a051e
SHA1

eb593043f75a28dbd01f2d9e1298479a7e0b178d
SHA256

e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
SHA512

4bca49294680089a42d92098846cb11e211805a6593e36bb3d106aa1d6b546cfaa7e60cdec6751d3ef7ae3b3673c5a7de63c5ec709980d2b2c69ab099e3289d6
SSDEEP

3072:TFf1Oly4I34rutyAA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYcQ:TiI3QBgMqFl2cMlScQq192e+CfFRw

Score

10^/10

redline 711 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

711

C2

194.110.203.100:32796

Attributes

auth_value
24e3340d853c89cad1e25194559ee778

Targets

- Target
  
  e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
- Size
  
  234KB
- MD5
  
  ebe1870be2fa78527fec23e2100a051e
- SHA1
  
  eb593043f75a28dbd01f2d9e1298479a7e0b178d
- SHA256
  
  e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
- SHA512
  
  4bca49294680089a42d92098846cb11e211805a6593e36bb3d106aa1d6b546cfaa7e60cdec6751d3ef7ae3b3673c5a7de63c5ec709980d2b2c69ab099e3289d6
- SSDEEP
  
  3072:TFf1Oly4I34rutyAA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYcQ:TiI3QBgMqFl2cMlScQq192e+CfFRw
Score

10^/10

redline 711 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline711infostealerspyware