redline | a943cf4015c9f16552c0530f19c462c014f7ed73b09406c81366a28e69361462 | Triage

Sharing

General

Target

a943cf4015c9f16552c0530f19c462c014f7ed73b09406c81366a28e69361462
Size

386KB
Sample

221223-yrajdacc81
MD5

d51945ae5d127eb5451af235da84e6ec
SHA1

02d33cb57e43490832df97d34cdb6f111229eb96
SHA256

a943cf4015c9f16552c0530f19c462c014f7ed73b09406c81366a28e69361462
SHA512

7300cf8a86b6506fec2add8c2071a5765787ef84d438289a98541657b593300c5e96495aa1c623533bc28ac4671bcc2e9ce26f1a55d75b2825cf7677ed65b325
SSDEEP

6144:45lLR47vYWl9sPLr732DOAOYl89a5SiStYJ7vFs0l:4DLe7vYWURWOgSiSS5l

Score

10^/10

redline bundle2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

bundle2

C2

65.21.5.58:24911

Attributes

auth_value
d9f9d4528fe5d7d9b08b5ca49403aef0

Targets

- Target
  
  a943cf4015c9f16552c0530f19c462c014f7ed73b09406c81366a28e69361462
- Size
  
  386KB
- MD5
  
  d51945ae5d127eb5451af235da84e6ec
- SHA1
  
  02d33cb57e43490832df97d34cdb6f111229eb96
- SHA256
  
  a943cf4015c9f16552c0530f19c462c014f7ed73b09406c81366a28e69361462
- SHA512
  
  7300cf8a86b6506fec2add8c2071a5765787ef84d438289a98541657b593300c5e96495aa1c623533bc28ac4671bcc2e9ce26f1a55d75b2825cf7677ed65b325
- SSDEEP
  
  6144:45lLR47vYWl9sPLr732DOAOYl89a5SiStYJ7vFs0l:4DLe7vYWURWOgSiSS5l
Score

10^/10

redline bundle2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebundle2infostealerspyware