redline | 66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f | Triage

Sharing

General

Target

66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
Size

234KB
Sample

221115-xpql5sfd23
MD5

ca8c41e754da35b3fb102241a51a589b
SHA1

586e33407629b6b05a0d7ab74315bf69c4474357
SHA256

66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
SHA512

be3323dda43fa152e3f6f9f31339ce31cc0aa394cce399133c66fb9337553815bc925f24d0b9b3c2ea5a6ecff6ab70b15ed9dbaca05f3c68c5bac4d50025d425
SSDEEP

3072:WUPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:WOZnQ0gMqFl2cMlScQq192e+CfFBw

Score

10^/10

redline 711 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

711

C2

194.110.203.100:32796

Attributes

auth_value
24e3340d853c89cad1e25194559ee778

Targets

- Target
  
  66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
- Size
  
  234KB
- MD5
  
  ca8c41e754da35b3fb102241a51a589b
- SHA1
  
  586e33407629b6b05a0d7ab74315bf69c4474357
- SHA256
  
  66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
- SHA512
  
  be3323dda43fa152e3f6f9f31339ce31cc0aa394cce399133c66fb9337553815bc925f24d0b9b3c2ea5a6ecff6ab70b15ed9dbaca05f3c68c5bac4d50025d425
- SSDEEP
  
  3072:WUPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:WOZnQ0gMqFl2cMlScQq192e+CfFBw
Score

10^/10

redline 711 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline711infostealerspyware