redline | 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7 | Triage

Sharing

General

Target

7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
Size

235KB
Sample

221205-p9djbaff4s
MD5

438ab147d113c399fa21fdd19805db80
SHA1

234346952d0ea8cb6dbc9247d8bfdfae9126142f
SHA256

7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
SHA512

6eca9d064b142715071ad9c36756af81c6dcef14a485835fb52be0388781c83fd815cadc13f8519fcca04220fcc34962147860619a7692ef4baf29260d6606cc
SSDEEP

6144:P+lYNxiOWg5Kq+PwQoHp0DoK2KJSTfqrhm1:P+lYztAeQR2KJqfqrhm1

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
- Size
  
  235KB
- MD5
  
  438ab147d113c399fa21fdd19805db80
- SHA1
  
  234346952d0ea8cb6dbc9247d8bfdfae9126142f
- SHA256
  
  7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
- SHA512
  
  6eca9d064b142715071ad9c36756af81c6dcef14a485835fb52be0388781c83fd815cadc13f8519fcca04220fcc34962147860619a7692ef4baf29260d6606cc
- SSDEEP
  
  6144:P+lYNxiOWg5Kq+PwQoHp0DoK2KJSTfqrhm1:P+lYztAeQR2KJqfqrhm1
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware