redline | 36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a | Triage

Sharing

General

Target

36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
Size

149KB
Sample

221127-jrz2psef4v
MD5

1084866d0af1783c18ba3366a4cce613
SHA1

61c8d2948ba4acaf0c7a49acaf896096d2592ae8
SHA256

36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
SHA512

c0f7eb52ce67bc23c7417f33d568cc5be560c9947a0ee3f33840e62350dd232c0a6c37d7c1d0a222524c0275916eceecd0136ef44b0a650ae94ecdf84c9dd4a9
SSDEEP

3072:yxai1itkN1B5waJyJFsHuF5ytw/VFo7NLaMpu:ptkN+SyJFsHu3ytw/VENWM4

Score

10^/10

redline kript newlogs infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

newlogs

C2

77.73.133.70:38819

Attributes

auth_value
05a73a1692c3aebb2a26f1a593237a77

Extracted

Family

redline

Botnet

KRIPT

C2

212.8.246.157:32348

Attributes

auth_value
80ebe4bab7a98a7ce9c75989ff9f40b4

Targets

- Target
  
  36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
- Size
  
  149KB
- MD5
  
  1084866d0af1783c18ba3366a4cce613
- SHA1
  
  61c8d2948ba4acaf0c7a49acaf896096d2592ae8
- SHA256
  
  36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
- SHA512
  
  c0f7eb52ce67bc23c7417f33d568cc5be560c9947a0ee3f33840e62350dd232c0a6c37d7c1d0a222524c0275916eceecd0136ef44b0a650ae94ecdf84c9dd4a9
- SSDEEP
  
  3072:yxai1itkN1B5waJyJFsHuF5ytw/VFo7NLaMpu:ptkN+SyJFsHu3ytw/VENWM4
Score

10^/10

redline kript newlogs infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinekriptnewlogsinfostealerspywarestealer