redline | 19c737468617d72846231cfa493dda10ed4b24ecf8f284481c8aa59c61f3db3d | Triage

Sharing

General

Target

19c737468617d72846231cfa493dda10ed4b24ecf8f284481c8aa59c61f3db3d
Size

217KB
Sample

221123-z1kldaec26
MD5

1526f0914cf84e722a061833d97aa16e
SHA1

ce92e068d54635ac27a9723393c34b0b371d59cb
SHA256

19c737468617d72846231cfa493dda10ed4b24ecf8f284481c8aa59c61f3db3d
SHA512

49f6ed9f18b724d3cebf5ee7432a1382932c43dde6ab06b5e8aee1f0223239b63e53567b7d4a5cb59b2b3c443981ad4ab477a1e4a0249be3076af35baee88d4a
SSDEEP

3072:SU44v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:SUTvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE

Score

10^/10

redline @madboyza infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  19c737468617d72846231cfa493dda10ed4b24ecf8f284481c8aa59c61f3db3d
- Size
  
  217KB
- MD5
  
  1526f0914cf84e722a061833d97aa16e
- SHA1
  
  ce92e068d54635ac27a9723393c34b0b371d59cb
- SHA256
  
  19c737468617d72846231cfa493dda10ed4b24ecf8f284481c8aa59c61f3db3d
- SHA512
  
  49f6ed9f18b724d3cebf5ee7432a1382932c43dde6ab06b5e8aee1f0223239b63e53567b7d4a5cb59b2b3c443981ad4ab477a1e4a0249be3076af35baee88d4a
- SSDEEP
  
  3072:SU44v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:SUTvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Score

10^/10

redline @madboyza infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealerspyware