redline | 9697edcd912a930a547332d334c993248433ca49c3e935e42ac83fb6e7249901 | Triage

Sharing

General

Target

9697edcd912a930a547332d334c993248433ca49c3e935e42ac83fb6e7249901
Size

217KB
Sample

221123-zhjw5ach42
MD5

7bffdc47fdf7195e3356c33c1573db31
SHA1

966b7371fe0be92cb3b577216b1bfce92e142bf9
SHA256

9697edcd912a930a547332d334c993248433ca49c3e935e42ac83fb6e7249901
SHA512

a67f2691c9912dff52af45ad4deea957ef43ea1fa09c91b92d54e4237d83e9c71c0f81180783be3c0147ef5184992416413e8fc7fea95d2ccc7382800caf2fd0
SSDEEP

3072:Dz4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:Dsvr0E/oywe2xrjq6O4MJ4bM5Y4+cE

Score

10^/10

redline @madboyza infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  9697edcd912a930a547332d334c993248433ca49c3e935e42ac83fb6e7249901
- Size
  
  217KB
- MD5
  
  7bffdc47fdf7195e3356c33c1573db31
- SHA1
  
  966b7371fe0be92cb3b577216b1bfce92e142bf9
- SHA256
  
  9697edcd912a930a547332d334c993248433ca49c3e935e42ac83fb6e7249901
- SHA512
  
  a67f2691c9912dff52af45ad4deea957ef43ea1fa09c91b92d54e4237d83e9c71c0f81180783be3c0147ef5184992416413e8fc7fea95d2ccc7382800caf2fd0
- SSDEEP
  
  3072:Dz4vq60E/oW+24ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwGS:Dsvr0E/oywe2xrjq6O4MJ4bM5Y4+cE
Score

10^/10

redline @madboyza infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealerspyware