redline | e3198ddbcebe11aef55b6398308258ab73709de377a802485e772a726c8918a9 | Triage

Sharing

General

Target

e3198ddbcebe11aef55b6398308258ab73709de377a802485e772a726c8918a9
Size

213KB
Sample

221129-jv8s1sdg6t
MD5

f211697ed68bb9f03c515a7f94fe21d1
SHA1

a63f82db7a4d577c8b2ea27fca9d6de63d7d9d83
SHA256

e3198ddbcebe11aef55b6398308258ab73709de377a802485e772a726c8918a9
SHA512

b964d0bb468e69fcf3403fc12c5dfc1a72dd359f31c600fa352610c50d933a1b09736003ac8c3cded5c29e147a86e538ba35805572d612c75c478353ed43b600
SSDEEP

3072:b/tiTL9nFwpFjUrMYyBrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqZq:bUL9nOpFjGMb7FUyf2AhZjwINq

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  e3198ddbcebe11aef55b6398308258ab73709de377a802485e772a726c8918a9
- Size
  
  213KB
- MD5
  
  f211697ed68bb9f03c515a7f94fe21d1
- SHA1
  
  a63f82db7a4d577c8b2ea27fca9d6de63d7d9d83
- SHA256
  
  e3198ddbcebe11aef55b6398308258ab73709de377a802485e772a726c8918a9
- SHA512
  
  b964d0bb468e69fcf3403fc12c5dfc1a72dd359f31c600fa352610c50d933a1b09736003ac8c3cded5c29e147a86e538ba35805572d612c75c478353ed43b600
- SSDEEP
  
  3072:b/tiTL9nFwpFjUrMYyBrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqZq:bUL9nOpFjGMb7FUyf2AhZjwINq
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware