redline | c46d9806ddf348be3fabfd89e3122fd66a81a768f114876839b38ee17e6358d9 | Triage

Sharing

General

Target

c46d9806ddf348be3fabfd89e3122fd66a81a768f114876839b38ee17e6358d9
Size

2.5MB
Sample

221129-zab7bagf8w
MD5

7cb0596d7155d31bca923e437a2dfd33
SHA1

2dc10e404fc08cf3963e68986574498a1218267e
SHA256

c46d9806ddf348be3fabfd89e3122fd66a81a768f114876839b38ee17e6358d9
SHA512

97b8d7d3929d4949a20958f434b70e50b065fbf75e80cce92782d838ded533352964254638ab7b8eb5de08723fc06bf445b0e8d479ad8a037723b2c28b4ee5eb
SSDEEP

24576:7RjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkPvgdiVuQI:tjh3E7nVoYDv/3DpfPkiE

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  c46d9806ddf348be3fabfd89e3122fd66a81a768f114876839b38ee17e6358d9
- Size
  
  2.5MB
- MD5
  
  7cb0596d7155d31bca923e437a2dfd33
- SHA1
  
  2dc10e404fc08cf3963e68986574498a1218267e
- SHA256
  
  c46d9806ddf348be3fabfd89e3122fd66a81a768f114876839b38ee17e6358d9
- SHA512
  
  97b8d7d3929d4949a20958f434b70e50b065fbf75e80cce92782d838ded533352964254638ab7b8eb5de08723fc06bf445b0e8d479ad8a037723b2c28b4ee5eb
- SSDEEP
  
  24576:7RjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkPvgdiVuQI:tjh3E7nVoYDv/3DpfPkiE
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware