Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Size

184KB
Sample

221225-w3461sfa7z
MD5

b03498cf5596ec6a2eab26b527ece469
SHA1

414c29e46197c4463c2223fb8442b8cde22b27a8
SHA256

d171d66c1e705d79d3e647292dfabdb9a9d74eb5d0f05f8c8712e3e404357798
SHA512

6ac8185375f5d30ac16c29f080a5dd405ef673df84e528cac817216162c4141a34f6072b594c13be3aed94be73a86e866ec1aeabf3ccdf0fe83a6d7f58244a4d
SSDEEP

3072:NOQUith0Y6AU4htVYoWl4P9ScqO8EQ+8zeNmDN6NJEgkQ2dCgpbrXKt1KLVAveBQ:MQUu0l74Z+4Plr9L8sMkudrbr6t1su2a

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
- Size
  
  399KB
- MD5
  
  d93d1f0fdc7de7942f38b354bb098088
- SHA1
  
  51ee7137f7b9b7b76e2d70670cf1b334578d622f
- SHA256
  
  0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
- SHA512
  
  012e84599ea87a3eb0356f0748d2599f5046023e16c061d9b3c248b8c03dfbd60b9ad6b4014da10123f38ce2c2c60e470a42847c59f1fb7d10b212322896f8cb
- SSDEEP
  
  6144:8nTC5+E5GP8MSR4X3+trN99jUAOaz8n8o/tXDN:8nTC5+E5GP8Mj3Bwon8OTN
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redline11infostealerspyware

behavioral2

redline11infostealerspyware