Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
Size

403KB
Sample

221226-abss1scc73
MD5

949d963edbc7650225a54920c7f38bb2
SHA1

1a5436b35fab4c1cc7d02a2c67ae5cd49557b5f8
SHA256

afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
SHA512

fee8ab14d6d985809998fe27ab67d325daca83285c618378ffa0b1d19b4fd417819a03e2409cbc016b5d3d58e259b97b30f040696972820f1871b86cc9cf3cee
SSDEEP

6144:5HNZ37xo0++Wa/Jcupbq4C4a/Nn0AO5Q96/QjE0DqDB0tNB+ZiA/Sta:5Hf7xo0++Wa/J5EXGDoBJE

Score

10^/10

redline 11 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
- Size
  
  403KB
- MD5
  
  949d963edbc7650225a54920c7f38bb2
- SHA1
  
  1a5436b35fab4c1cc7d02a2c67ae5cd49557b5f8
- SHA256
  
  afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
- SHA512
  
  fee8ab14d6d985809998fe27ab67d325daca83285c618378ffa0b1d19b4fd417819a03e2409cbc016b5d3d58e259b97b30f040696972820f1871b86cc9cf3cee
- SSDEEP
  
  6144:5HNZ37xo0++Wa/Jcupbq4C4a/Nn0AO5Q96/QjE0DqDB0tNB+ZiA/Sta:5Hf7xo0++Wa/J5EXGDoBJE
Score

10^/10

redline 11 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redline11infostealerspyware