redline | 67d787249ae186a7000e4db614af862c22db210fa263d2bdac3dcc7b06db8665 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

401KB
Sample

221222-thb9dseg36
MD5

a7743bd67e6581bfa51ce176ba844194
SHA1

7816b37c9bd622826cc5f41190897776b8f2b479
SHA256

67d787249ae186a7000e4db614af862c22db210fa263d2bdac3dcc7b06db8665
SHA512

8321a7d7c2100250544fb624fc60469472d17f2e1f0d8fd30079ad5c90c38579a26451c2b8ef29eea66ba0683217bc02f57642cbd65cb72af87d980505a59bbc
SSDEEP

6144:8gLO6OXFulbG4qXwVR7Gg2Bi2kAOJrAgRqYz05agz1bSczwKwXq:8N6O12bLqXwV5U+qpkgz1OczwKwq

Score

10^/10

redline bundle2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

bundle2

C2

65.21.5.58:24911

Attributes

auth_value
d9f9d4528fe5d7d9b08b5ca49403aef0

Targets

- Target
  
  file.exe
- Size
  
  401KB
- MD5
  
  a7743bd67e6581bfa51ce176ba844194
- SHA1
  
  7816b37c9bd622826cc5f41190897776b8f2b479
- SHA256
  
  67d787249ae186a7000e4db614af862c22db210fa263d2bdac3dcc7b06db8665
- SHA512
  
  8321a7d7c2100250544fb624fc60469472d17f2e1f0d8fd30079ad5c90c38579a26451c2b8ef29eea66ba0683217bc02f57642cbd65cb72af87d980505a59bbc
- SSDEEP
  
  6144:8gLO6OXFulbG4qXwVR7Gg2Bi2kAOJrAgRqYz05agz1bSczwKwXq:8N6O12bLqXwV5U+qpkgz1OczwKwq
Score

10^/10

redline bundle2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebundle2infostealerspyware

behavioral2

redlinebundle2infostealerspyware