redline | 56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e | Triage

Sharing

General

Target

56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
Size

217KB
Sample

221123-xnz47afe89
MD5

699569f236c62d07da81b3f45cd70164
SHA1

e04e78193cb0b4097c6a5c453f4aeb22056101cb
SHA256

56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
SHA512

3998f9b45b6b745abbe5494eb132fd7657e9123354318e95346ea480634d12abed5b6517b5bbcc70d6b5bda29bdeef864066519152a275e424d4a5173cabd298
SSDEEP

3072:h04v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:hXvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE

Score

10^/10

redline @madboyza infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
- Size
  
  217KB
- MD5
  
  699569f236c62d07da81b3f45cd70164
- SHA1
  
  e04e78193cb0b4097c6a5c453f4aeb22056101cb
- SHA256
  
  56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
- SHA512
  
  3998f9b45b6b745abbe5494eb132fd7657e9123354318e95346ea480634d12abed5b6517b5bbcc70d6b5bda29bdeef864066519152a275e424d4a5173cabd298
- SSDEEP
  
  3072:h04v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:hXvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Score

10^/10

redline @madboyza infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealerspyware