redline | 523553a2b0c4fd9fbec2666db1e87b983097bc0bfa467f73731da2417c1a9399 | Triage

Sharing

General

Target

523553a2b0c4fd9fbec2666db1e87b983097bc0bfa467f73731da2417c1a9399
Size

217KB
Sample

221123-rwbtnscf2x
MD5

0f6c799b4d0cc69b97cb5606a4726ad8
SHA1

fa561f02bb36c5105b009645f7e68b267c106a12
SHA256

523553a2b0c4fd9fbec2666db1e87b983097bc0bfa467f73731da2417c1a9399
SHA512

16dbf176f352db0a0dbfe8513c8f1d08bcc47837330653804ed55db1a68cb3ebe0c128def4cba80d6a24515490c5e944df04e67d204c69afb16b7cda33ceeb14
SSDEEP

3072:sR4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:sKvr0E/oywe2xrjq6O4MJ4bM5Y4+cE

Score

10^/10

redline @madboyza infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  523553a2b0c4fd9fbec2666db1e87b983097bc0bfa467f73731da2417c1a9399
- Size
  
  217KB
- MD5
  
  0f6c799b4d0cc69b97cb5606a4726ad8
- SHA1
  
  fa561f02bb36c5105b009645f7e68b267c106a12
- SHA256
  
  523553a2b0c4fd9fbec2666db1e87b983097bc0bfa467f73731da2417c1a9399
- SHA512
  
  16dbf176f352db0a0dbfe8513c8f1d08bcc47837330653804ed55db1a68cb3ebe0c128def4cba80d6a24515490c5e944df04e67d204c69afb16b7cda33ceeb14
- SSDEEP
  
  3072:sR4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:sKvr0E/oywe2xrjq6O4MJ4bM5Y4+cE
Score

10^/10

redline @madboyza infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealerspyware