redline | 4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346 | Triage

Sharing

General

Target

4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
Size

2.5MB
Sample

221129-w5pt4sha3z
MD5

b8e86530db730cf4ab032fb4c297c629
SHA1

9372007968cdf3e87e2aeeafc4dfb05732c88b45
SHA256

4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
SHA512

109d4ffc181a64cb9ef408ecbd7480813225ed3230809a51cf0dbe708f50edce9188db9b302107e6a06acc763f605c6de2601c3e9fd352cfe18f40a224dc61b4
SSDEEP

24576:eRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkfvgNVuQ5G:Ujh3E7nVoYDv/3Dpffw0

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
- Size
  
  2.5MB
- MD5
  
  b8e86530db730cf4ab032fb4c297c629
- SHA1
  
  9372007968cdf3e87e2aeeafc4dfb05732c88b45
- SHA256
  
  4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
- SHA512
  
  109d4ffc181a64cb9ef408ecbd7480813225ed3230809a51cf0dbe708f50edce9188db9b302107e6a06acc763f605c6de2601c3e9fd352cfe18f40a224dc61b4
- SSDEEP
  
  24576:eRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkfvgNVuQ5G:Ujh3E7nVoYDv/3Dpffw0
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware