redline | 5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7 | Triage

Sharing

General

Target

5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
Size

234KB
Sample

221116-nywp3sec7t
MD5

bbf813ba0ead26fad5ca73846aaac0cf
SHA1

c7cf1d788f354f205a898fc6481977d7f29a9fe7
SHA256

5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
SHA512

8f816eb442a250cd3dfa2d4573a617eafc92498d604ae10a69b8c848499412ccb9aca70fae504e89aa533917035af20a817830719a07e93a51bd92c7ec1d63c9
SSDEEP

3072:o6OIOpy4TM4rFdMyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedD1:oFTMQUgMqFl2cMlScQq192e+CfF1w

Score

10^/10

redline 711 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

711

C2

194.110.203.100:32796

Attributes

auth_value
24e3340d853c89cad1e25194559ee778

Targets

- Target
  
  5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
- Size
  
  234KB
- MD5
  
  bbf813ba0ead26fad5ca73846aaac0cf
- SHA1
  
  c7cf1d788f354f205a898fc6481977d7f29a9fe7
- SHA256
  
  5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
- SHA512
  
  8f816eb442a250cd3dfa2d4573a617eafc92498d604ae10a69b8c848499412ccb9aca70fae504e89aa533917035af20a817830719a07e93a51bd92c7ec1d63c9
- SSDEEP
  
  3072:o6OIOpy4TM4rFdMyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedD1:oFTMQUgMqFl2cMlScQq192e+CfF1w
Score

10^/10

redline 711 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline711infostealerspyware