redline | 3b43b8a3b9d9182a68d85d7a1e7a583084c4303257edb279e29cfe825d9b6a69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b43b8a3b9d9182a68d85d7a1e7a583084c4303257edb279e29cfe825d9b6a69
Size

398KB
Sample

221224-yrr4esdg2t
MD5

46b0bfb29f9f80b5d3acbd6296299396
SHA1

e453b0bcc73773f36739f3040e5e3dbeade08ae6
SHA256

3b43b8a3b9d9182a68d85d7a1e7a583084c4303257edb279e29cfe825d9b6a69
SHA512

fb89677f92c95be9a2782e3ca669d0ba7890d897cee04a60254779aba76fe274d1d20a546be6e03ae11ebdc65826a7868557a322756f8e9f9df8f4e610470d6c
SSDEEP

6144:gygxer6dluLigEBBY2o1FhZRVPjGAO/dMjMgwowxpZGqGP7:gygxer6dluLigEZoNZaJqP7

Score

10^/10

redline bundle infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

bundle

C2

65.21.5.58:24911

Attributes

auth_value
6ba39c71235c326fff2ec73530bea821

Targets

- Target
  
  3b43b8a3b9d9182a68d85d7a1e7a583084c4303257edb279e29cfe825d9b6a69
- Size
  
  398KB
- MD5
  
  46b0bfb29f9f80b5d3acbd6296299396
- SHA1
  
  e453b0bcc73773f36739f3040e5e3dbeade08ae6
- SHA256
  
  3b43b8a3b9d9182a68d85d7a1e7a583084c4303257edb279e29cfe825d9b6a69
- SHA512
  
  fb89677f92c95be9a2782e3ca669d0ba7890d897cee04a60254779aba76fe274d1d20a546be6e03ae11ebdc65826a7868557a322756f8e9f9df8f4e610470d6c
- SSDEEP
  
  6144:gygxer6dluLigEBBY2o1FhZRVPjGAO/dMjMgwowxpZGqGP7:gygxer6dluLigEZoNZaJqP7
Score

10^/10

redline bundle infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebundleinfostealerspyware