redline | 8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330 | Triage

Sharing

General

Target

8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
Size

235KB
Sample

221205-qvch5shd7v
MD5

85938fbf341af7663ee5c0b2d4f828df
SHA1

bab30321241a8e2dff67b577f8b67d2858bf4848
SHA256

8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
SHA512

3bd0961e4e2783676ddf407b006ed88d201981454ac0ef996ae022f4c5b746c015fda7f39bc347cce4a13e28839e8a9b59486292e636e33af7e1ce1472781c99
SSDEEP

6144:3+lYNx0OWg5Kq+PwQoHp0DoK2KJSTfqrhmK:3+lYzXAeQR2KJqfqrhmK

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
- Size
  
  235KB
- MD5
  
  85938fbf341af7663ee5c0b2d4f828df
- SHA1
  
  bab30321241a8e2dff67b577f8b67d2858bf4848
- SHA256
  
  8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
- SHA512
  
  3bd0961e4e2783676ddf407b006ed88d201981454ac0ef996ae022f4c5b746c015fda7f39bc347cce4a13e28839e8a9b59486292e636e33af7e1ce1472781c99
- SSDEEP
  
  6144:3+lYNx0OWg5Kq+PwQoHp0DoK2KJSTfqrhmK:3+lYzXAeQR2KJqfqrhmK
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware