redline | 775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32 | Triage

Sharing

General

Target

775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
Size

399KB
Sample

221225-vjvykabg56
MD5

ac508206006eb41c605373e9793e7622
SHA1

3223ac24de6fd4650bbcf1495e73944085bc0e07
SHA256

775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
SHA512

9aa4d2d50a915919f1f238f0838636cfa6f7fc3e634508f5a110ac4097c919d9076753612af7c2e1c9013281ca4e1a209743560d2f0f01c8c9329c47b113ba2c
SSDEEP

6144:RXryh+05ufk0kBRgujnFTuSh9NjYAO8tkoFXs0dCIwWFVDN:RXryh+05ufk0kRjESimqoFXshIwWjN

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
- Size
  
  399KB
- MD5
  
  ac508206006eb41c605373e9793e7622
- SHA1
  
  3223ac24de6fd4650bbcf1495e73944085bc0e07
- SHA256
  
  775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
- SHA512
  
  9aa4d2d50a915919f1f238f0838636cfa6f7fc3e634508f5a110ac4097c919d9076753612af7c2e1c9013281ca4e1a209743560d2f0f01c8c9329c47b113ba2c
- SSDEEP
  
  6144:RXryh+05ufk0kBRgujnFTuSh9NjYAO8tkoFXs0dCIwWFVDN:RXryh+05ufk0kRjESimqoFXshIwWjN
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline11infostealerspyware