redline | 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2 | Triage

Sharing

General

Target

0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Size

399KB
Sample

221225-nqy58sbd89
MD5

d93d1f0fdc7de7942f38b354bb098088
SHA1

51ee7137f7b9b7b76e2d70670cf1b334578d622f
SHA256

0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
SHA512

012e84599ea87a3eb0356f0748d2599f5046023e16c061d9b3c248b8c03dfbd60b9ad6b4014da10123f38ce2c2c60e470a42847c59f1fb7d10b212322896f8cb
SSDEEP

6144:8nTC5+E5GP8MSR4X3+trN99jUAOaz8n8o/tXDN:8nTC5+E5GP8Mj3Bwon8OTN

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
- Size
  
  399KB
- MD5
  
  d93d1f0fdc7de7942f38b354bb098088
- SHA1
  
  51ee7137f7b9b7b76e2d70670cf1b334578d622f
- SHA256
  
  0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
- SHA512
  
  012e84599ea87a3eb0356f0748d2599f5046023e16c061d9b3c248b8c03dfbd60b9ad6b4014da10123f38ce2c2c60e470a42847c59f1fb7d10b212322896f8cb
- SSDEEP
  
  6144:8nTC5+E5GP8MSR4X3+trN99jUAOaz8n8o/tXDN:8nTC5+E5GP8Mj3Bwon8OTN
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline11infostealerspyware