redline | aa8f68b1b8022b0552f9da003145604af0c1678c0aa212b67d6d8a632fa9a6ed | Triage

Sharing

General

Target

kiddions_mod_menu.exe
Size

277KB
Sample

221127-a7g2dsgf72
MD5

2f3f1ceac05b4591075f7628ee110541
SHA1

ef7a8ea3ab212bff9a8acd34d62c6693d411401a
SHA256

aa8f68b1b8022b0552f9da003145604af0c1678c0aa212b67d6d8a632fa9a6ed
SHA512

34679e109f54da9e9bd5efefba2a38da1035286198c71ce9c8b970b38b09fe952982543c901a686487d057fb4cf38bd47e41e2d5c89a4fce7f5b1044a55bc075
SSDEEP

6144:VrYK0pOq54x08yrFf8ZQ4mqLDqc1aS5D:B0p5h8yv5qLDh1RD

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

185.186.142.127:17355

Attributes

auth_value
4db087d257276840a1858a44b783d324

Targets

- Target
  
  kiddions_mod_menu.exe
- Size
  
  277KB
- MD5
  
  2f3f1ceac05b4591075f7628ee110541
- SHA1
  
  ef7a8ea3ab212bff9a8acd34d62c6693d411401a
- SHA256
  
  aa8f68b1b8022b0552f9da003145604af0c1678c0aa212b67d6d8a632fa9a6ed
- SHA512
  
  34679e109f54da9e9bd5efefba2a38da1035286198c71ce9c8b970b38b09fe952982543c901a686487d057fb4cf38bd47e41e2d5c89a4fce7f5b1044a55bc075
- SSDEEP
  
  6144:VrYK0pOq54x08yrFf8ZQ4mqLDqc1aS5D:B0p5h8yv5qLDh1RD
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware