redline | d571449c1df966fa0d9293e695f8a85e670b0182ba30d98148dce2c99dfc434b | Triage

Sharing

General

Target

d571449c1df966fa0d9293e695f8a85e670b0182ba30d98148dce2c99dfc434b
Size

239KB
Sample

221205-vna4yshe74
MD5

8232bbfcd843a4fd20512c4f3bae3e6b
SHA1

5aca5991fdfe991f81ad1bc311502c6b98ebd1a2
SHA256

d571449c1df966fa0d9293e695f8a85e670b0182ba30d98148dce2c99dfc434b
SHA512

4dce404fad2ea922e5100ce32299444142443415abc839af3dcda1d4a58f592d0db3798a0bf433904a7c4a35cf7d55649e96830d9db61d634fcc75cdf7aab996
SSDEEP

3072:3x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcNmpxO:3x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmE

Score

10^/10

redline @p1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  d571449c1df966fa0d9293e695f8a85e670b0182ba30d98148dce2c99dfc434b
- Size
  
  239KB
- MD5
  
  8232bbfcd843a4fd20512c4f3bae3e6b
- SHA1
  
  5aca5991fdfe991f81ad1bc311502c6b98ebd1a2
- SHA256
  
  d571449c1df966fa0d9293e695f8a85e670b0182ba30d98148dce2c99dfc434b
- SHA512
  
  4dce404fad2ea922e5100ce32299444142443415abc839af3dcda1d4a58f592d0db3798a0bf433904a7c4a35cf7d55649e96830d9db61d634fcc75cdf7aab996
- SSDEEP
  
  3072:3x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcNmpxO:3x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmE
Score

10^/10

redline @p1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealerspyware