redline | 1570f6daac9b4567a4c1f68da417ac43adbeadedc94a2ec92d8f6341f08bb85d | Triage

Sharing

General

Target

1570f6daac9b4567a4c1f68da417ac43adbeadedc94a2ec92d8f6341f08bb85d.exe
Size

802KB
Sample

221204-nmvcwaea73
MD5

266531bc43d8aa514ef4ac6bbf06fbce
SHA1

f398542a6db9d63ffaa6b221792b561b045533c9
SHA256

1570f6daac9b4567a4c1f68da417ac43adbeadedc94a2ec92d8f6341f08bb85d
SHA512

aa35b78c1f374b0585da1cb87ab2f368798cfd9476864efcbd235a02597be46bd6ee66ab170dc328e661b4e68ad8b90c57d544ec704d1b369b5c181be22a8394
SSDEEP

24576:rm5bRpdKx7w7eGXo3G4bZlZDckCo8xvQkf7Rh:m7eGXo2CDckz4vpf7Rh

Score

10^/10

redline @andriii_ff infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@andriii_ff

C2

176.124.220.67:30929

Attributes

auth_value
525a7ad8080b3552f2f7735af7644111

Targets

- Target
  
  1570f6daac9b4567a4c1f68da417ac43adbeadedc94a2ec92d8f6341f08bb85d.exe
- Size
  
  802KB
- MD5
  
  266531bc43d8aa514ef4ac6bbf06fbce
- SHA1
  
  f398542a6db9d63ffaa6b221792b561b045533c9
- SHA256
  
  1570f6daac9b4567a4c1f68da417ac43adbeadedc94a2ec92d8f6341f08bb85d
- SHA512
  
  aa35b78c1f374b0585da1cb87ab2f368798cfd9476864efcbd235a02597be46bd6ee66ab170dc328e661b4e68ad8b90c57d544ec704d1b369b5c181be22a8394
- SSDEEP
  
  24576:rm5bRpdKx7w7eGXo3G4bZlZDckCo8xvQkf7Rh:m7eGXo2CDckz4vpf7Rh
Score

10^/10

redline @andriii_ff infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@andriii_ffinfostealerspyware

behavioral2

redline@andriii_ffinfostealer