redline | 2a9742c868f6194144d5b00a71550db31f460c4759889df6e6a926495ac18761 | Triage

Sharing

General

Target

2a9742c868f6194144d5b00a71550db31f460c4759889df6e6a926495ac18761
Size

216KB
Sample

221129-rva6ragh38
MD5

a97888a9f6589f930526d760f49188ab
SHA1

f4e655e1b4d4f9ee64ad5077eb8bfd65b4824fb4
SHA256

2a9742c868f6194144d5b00a71550db31f460c4759889df6e6a926495ac18761
SHA512

b497da3c8db597eb5f1c87c687c58982563dbdd424e61347ccca91a59d6d1407acebfafd48a5bfc1276cfc6451673aa36d3bbc14abba4888e2a0e0cbf460dc3d
SSDEEP

3072:khbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:vCxGNp7FUyf2AhZjwINut

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  2a9742c868f6194144d5b00a71550db31f460c4759889df6e6a926495ac18761
- Size
  
  216KB
- MD5
  
  a97888a9f6589f930526d760f49188ab
- SHA1
  
  f4e655e1b4d4f9ee64ad5077eb8bfd65b4824fb4
- SHA256
  
  2a9742c868f6194144d5b00a71550db31f460c4759889df6e6a926495ac18761
- SHA512
  
  b497da3c8db597eb5f1c87c687c58982563dbdd424e61347ccca91a59d6d1407acebfafd48a5bfc1276cfc6451673aa36d3bbc14abba4888e2a0e0cbf460dc3d
- SSDEEP
  
  3072:khbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:vCxGNp7FUyf2AhZjwINut
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware