redline | 466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10 | Triage

Sharing

General

Target

466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
Size

234KB
Sample

221116-q5d5qafc3w
MD5

cce8615f9e697a298760ab4843b960fd
SHA1

e814ec411a2fb2cfed2a491ecc04f874035e98fa
SHA256

466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
SHA512

4d7d99d910b0fddcf40f4099260163172eb05fe66fdcfec5935989a3746da2f560e57a92be375f73325caca167d5c8e6a73b52acec1f6812cadd5f044269c11e
SSDEEP

3072:fEPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:f+ZnQ0gMqFl2cMlScQq192e+CfFBw

Score

10^/10

redline 711 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

711

C2

194.110.203.100:32796

Attributes

auth_value
24e3340d853c89cad1e25194559ee778

Targets

- Target
  
  466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
- Size
  
  234KB
- MD5
  
  cce8615f9e697a298760ab4843b960fd
- SHA1
  
  e814ec411a2fb2cfed2a491ecc04f874035e98fa
- SHA256
  
  466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
- SHA512
  
  4d7d99d910b0fddcf40f4099260163172eb05fe66fdcfec5935989a3746da2f560e57a92be375f73325caca167d5c8e6a73b52acec1f6812cadd5f044269c11e
- SSDEEP
  
  3072:fEPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:f+ZnQ0gMqFl2cMlScQq192e+CfFBw
Score

10^/10

redline 711 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline711infostealerspyware