redline | f16baa38ff2d65edd4d2872def5296d99a0e3f991e1ab364a2aa5829de95d90d | Triage

Sharing

General

Target

f16baa38ff2d65edd4d2872def5296d99a0e3f991e1ab364a2aa5829de95d90d
Size

217KB
Sample

221203-kpbf1ahc68
MD5

7c2c90aeef5bfac9d06cb2f2b5377049
SHA1

8980a5d78049bacdef8c8f4af66eacb9e90475a0
SHA256

f16baa38ff2d65edd4d2872def5296d99a0e3f991e1ab364a2aa5829de95d90d
SHA512

612185c898a4d4a2543168cd361a3b9e816f4e432cfc98836945cf72eefb73dc2221f9c982cf34dd612f3a94bf1dff5764701766029746d26cec152979dc5986
SSDEEP

3072:RliRUiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFld00c9xO:RliRUwNveMwTDM4RVCkbSCY9fCe

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  f16baa38ff2d65edd4d2872def5296d99a0e3f991e1ab364a2aa5829de95d90d
- Size
  
  217KB
- MD5
  
  7c2c90aeef5bfac9d06cb2f2b5377049
- SHA1
  
  8980a5d78049bacdef8c8f4af66eacb9e90475a0
- SHA256
  
  f16baa38ff2d65edd4d2872def5296d99a0e3f991e1ab364a2aa5829de95d90d
- SHA512
  
  612185c898a4d4a2543168cd361a3b9e816f4e432cfc98836945cf72eefb73dc2221f9c982cf34dd612f3a94bf1dff5764701766029746d26cec152979dc5986
- SSDEEP
  
  3072:RliRUiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFld00c9xO:RliRUwNveMwTDM4RVCkbSCY9fCe
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware