redline | 01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34
Size

401KB
Sample

221223-aak2safe47
MD5

19a196e6f3b44ea54ac799f9d3b8bf4c
SHA1

8c3fedbf485e97f89b4b44955bd58159a4ff0811
SHA256

01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34
SHA512

a7cdbb1995d1da65b7b951243e4eeae36da3bf0ae301d0c7189de8c6655b7efe3d593e73411b0d6664aa628df01ff92d9808d188c3edde8a8f2ba21e4fec1e32
SSDEEP

6144:sg7O623NOV0G4qfK09ZbuouBi2HaAOL9Y2QqYCpZij33q:st629G0LqfK09jx97ijHq

Score

10^/10

redline bundle2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

bundle2

C2

65.21.5.58:24911

Attributes

auth_value
d9f9d4528fe5d7d9b08b5ca49403aef0

Targets

- Target
  
  01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34
- Size
  
  401KB
- MD5
  
  19a196e6f3b44ea54ac799f9d3b8bf4c
- SHA1
  
  8c3fedbf485e97f89b4b44955bd58159a4ff0811
- SHA256
  
  01320b475214dbdfa7782958986b96dfadedbf5d27c708ab3616d3cdf1be9b34
- SHA512
  
  a7cdbb1995d1da65b7b951243e4eeae36da3bf0ae301d0c7189de8c6655b7efe3d593e73411b0d6664aa628df01ff92d9808d188c3edde8a8f2ba21e4fec1e32
- SSDEEP
  
  6144:sg7O623NOV0G4qfK09ZbuouBi2HaAOL9Y2QqYCpZij33q:st629G0LqfK09jx97ijHq
Score

10^/10

redline bundle2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebundle2infostealerspyware