redline | d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af | Triage

Sharing

General

Target

d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
Size

223KB
Sample

221125-b9gdbagb3x
MD5

7ef95a5768f32e8e63ed2ae3aa73ed8c
SHA1

b62e504456e50e0c1ae512737aeb77b82aeabfae
SHA256

d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
SHA512

7538e4a4f6b6968c7ba8f4e75c6d379094e5c3e8bcf7b53419d2939b5d1f52f286de07d08f0118d051ef8cfe36a0c548ee3363f1fc3cd86efd525f1f8d20c551
SSDEEP

3072:OfuIXBTScabTW7y/e2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jw5:OfuIRTScamce2xrjq6O4MJ4bM5Y4+cE

Score

10^/10

redline @madboyza infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
- Size
  
  223KB
- MD5
  
  7ef95a5768f32e8e63ed2ae3aa73ed8c
- SHA1
  
  b62e504456e50e0c1ae512737aeb77b82aeabfae
- SHA256
  
  d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
- SHA512
  
  7538e4a4f6b6968c7ba8f4e75c6d379094e5c3e8bcf7b53419d2939b5d1f52f286de07d08f0118d051ef8cfe36a0c548ee3363f1fc3cd86efd525f1f8d20c551
- SSDEEP
  
  3072:OfuIXBTScabTW7y/e2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jw5:OfuIRTScamce2xrjq6O4MJ4bM5Y4+cE
Score

10^/10

redline @madboyza infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealerspyware