Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
Size

184KB
Sample

221225-tave1abf98
MD5

277d20ee5e9f4a6ab62990441bd12e22
SHA1

15e08d7900176007c6983016df5808d5555c1ac3
SHA256

68925b75b27024c8188cc906db3437cb3b1d5a6c86809b23cb2c07b36033462b
SHA512

e1f9cb2045df4642c0898b1a7eaf94e3f097c171a017083a99e75ada8fe59915cfa6ed107e28080c57e22e478b811136d407db162341c2816adaeef45ef9c4a7
SSDEEP

3072:FCBQ/DLEJ/tXwGVDaoEtGLd0Rd18WWXth/aNj9IQGPy6919wxWFa1UPTEES11Z:FCBqLQfVitykDStxBP9jdMESLZ

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
- Size
  
  399KB
- MD5
  
  bfe25c9c2514b4ba420be5b8e04b2dcc
- SHA1
  
  0cb48b683468dfc76cf05388b2545ff5aa47f1e9
- SHA256
  
  6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
- SHA512
  
  40d49271435fe135da48554c097bab14a3bf8481d471f1c31914edf01140ff6ceda9b6c59939b64da9020a7682e31be435fdc63450899ddde92b2016f92f1d4e
- SSDEEP
  
  6144:cnTC5+E5GP8MSR4X3+trN99jUAOufMQ03rNmcDN:cnTC5+E5GP8Mj3BsfMl5mcN
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redline11infostealerspyware

behavioral2

redline11infostealerspyware