redline | 2809692a2e632c34fd531dbdb4711e8d9935285fb29519eeb947756045f548b8 | Triage

Sharing

General

Target

Mod.exe
Size

350.7MB
Sample

221220-cbzmnsbf4s
MD5

6fde8a9b580c87e85d0148903f1cef7f
SHA1

98645ea87c782c91e115e514a6beb848a48336de
SHA256

2809692a2e632c34fd531dbdb4711e8d9935285fb29519eeb947756045f548b8
SHA512

4d6357bec55b8ea93b4130d08f4d673400a6d34107b1e186b596841a610ae5836b3370a56a9345d14d5732e4698592811d0d58bbded8f8556d27036fed75c160
SSDEEP

6144:uhw5kqoCc8u05Fks9udiaxuvE/IdPBRWcYnEXybEBN2z2DOMpkMQ2SAYUa/qqdh8:AOkq6scdpxMEwzY8ybEBNa2tB8A/abM

Score

10^/10

redline 777 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

777

C2

65.21.98.68:24348

Attributes

auth_value
2b0deda6565bbd2312234728956887ab

Targets

- Target
  
  Mod.exe
- Size
  
  350.7MB
- MD5
  
  6fde8a9b580c87e85d0148903f1cef7f
- SHA1
  
  98645ea87c782c91e115e514a6beb848a48336de
- SHA256
  
  2809692a2e632c34fd531dbdb4711e8d9935285fb29519eeb947756045f548b8
- SHA512
  
  4d6357bec55b8ea93b4130d08f4d673400a6d34107b1e186b596841a610ae5836b3370a56a9345d14d5732e4698592811d0d58bbded8f8556d27036fed75c160
- SSDEEP
  
  6144:uhw5kqoCc8u05Fks9udiaxuvE/IdPBRWcYnEXybEBN2z2DOMpkMQ2SAYUa/qqdh8:AOkq6scdpxMEwzY8ybEBNa2tB8A/abM
Score

10^/10

redline 777 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline777infostealerspyware

behavioral2

redline777infostealerspyware