redline | 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49 | Triage

Sharing

General

Target

3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
Size

201KB
Sample

221201-xnwf1aah35
MD5

b8d34a3cf4b96030c9c641c0603e155b
SHA1

2d6ac2d8b3708d0c7ba0597a090962f0064650a9
SHA256

3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
SHA512

3df4f9873cc31b50934b18e3e37c9b74e2004ce671306c58507b594958017eaf3034a6392f4e214fe528b770238c3b6df22fc4e662200d184c5922e0d3b1e251
SSDEEP

3072:BrEnPaejyHmxkHieLXgVMh07XnS/sJIDp0qQjU7hvhYTW/uAVRum6SAxtHxO:BYnPMGAiWXg3rSaIVgjUFiW/uvle

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- Size
  
  201KB
- MD5
  
  b8d34a3cf4b96030c9c641c0603e155b
- SHA1
  
  2d6ac2d8b3708d0c7ba0597a090962f0064650a9
- SHA256
  
  3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- SHA512
  
  3df4f9873cc31b50934b18e3e37c9b74e2004ce671306c58507b594958017eaf3034a6392f4e214fe528b770238c3b6df22fc4e662200d184c5922e0d3b1e251
- SSDEEP
  
  3072:BrEnPaejyHmxkHieLXgVMh07XnS/sJIDp0qQjU7hvhYTW/uAVRum6SAxtHxO:BYnPMGAiWXg3rSaIVgjUFiW/uvle
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware