redline | 192235e595b3aee8e7faea84c88736b80245a4a16d85c34e9374909423ade805 | Triage

Sharing

General

Target

192235e595b3aee8e7faea84c88736b80245a4a16d85c34e9374909423ade805
Size

213KB
Sample

221129-hwee5aff57
MD5

cc988217c583d584da3d308c547dbdff
SHA1

54135892c1d15444879958f76ca78c58ef7929c7
SHA256

192235e595b3aee8e7faea84c88736b80245a4a16d85c34e9374909423ade805
SHA512

0e95f6bd92fcabc888e27353948459a44314e4108d24c5e9d38e7ae489b96e99b07aef36c42def06beb5ca50f1b9edf1edccb2d21d5dcc9b742ecc46ecddf064
SSDEEP

3072:3/UiTL9nFwpFjUrMYyBrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqZq:3DL9nOpFjGMb7FUyf2AhZjwINq

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  192235e595b3aee8e7faea84c88736b80245a4a16d85c34e9374909423ade805
- Size
  
  213KB
- MD5
  
  cc988217c583d584da3d308c547dbdff
- SHA1
  
  54135892c1d15444879958f76ca78c58ef7929c7
- SHA256
  
  192235e595b3aee8e7faea84c88736b80245a4a16d85c34e9374909423ade805
- SHA512
  
  0e95f6bd92fcabc888e27353948459a44314e4108d24c5e9d38e7ae489b96e99b07aef36c42def06beb5ca50f1b9edf1edccb2d21d5dcc9b742ecc46ecddf064
- SSDEEP
  
  3072:3/UiTL9nFwpFjUrMYyBrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqZq:3DL9nOpFjGMb7FUyf2AhZjwINq
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware