redline | a3ecc5b6aafbe778ae130f33948beffba5f61d6797d5a6e9e7b778cfa4892e0b | Triage

Sharing

General

Target

f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4
Size

180KB
Sample

221224-rwvxjsdc8t
MD5

4020fc62b5095747d935a455d0c98d7f
SHA1

879dcac6fac27cff0b0c43b9a1ec448bcb4416ee
SHA256

a3ecc5b6aafbe778ae130f33948beffba5f61d6797d5a6e9e7b778cfa4892e0b
SHA512

33978fc98771f5b6287fc82c7572f88f506cfacad3ff8a77239e8ec9f552c5828df0ff308b4b0de516929b8b0c8f48281113d70229fd429eb3e242b316ba9bf1
SSDEEP

3072:BrMCzEJNxWOJbmQwYV6dstScl9rayVEWzEH6r1kKpLc0Dm:Brz4Ikfw7mrayVEWzES1/pY0Dm

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4
- Size
  
  386KB
- MD5
  
  70d95ececad9aebf59ef9598eec18995
- SHA1
  
  f800e90809fe75cb933e7cfe4ac20d959c199e1c
- SHA256
  
  f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4
- SHA512
  
  91c87e83e2c10d9ef55b17c02641540e0a31a0152050c7b1f672c961f0ed0e30215215eb14f22193471107a23f117ab7012771f48b232ed8e3e90d2e53513ee7
- SSDEEP
  
  6144:vRQUMd4UvkL5kDhOM232DeAODGU0dSrTLMA6zJaAjgl:vRRMyUvkLk2Rvo6MAv/l
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline11infostealerspyware

behavioral2

redline11infostealerspyware