redline | 2f917c7224323ac3c9b7379d2876565adb9cf7b680c659c73158df8383e088b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f917c7224323ac3c9b7379d2876565adb9cf7b680c659c73158df8383e088b6
Size

389KB
Sample

221226-yrlawadg34
MD5

96899e6fa7dc6218295537f36a795b5d
SHA1

97a579c1238f27ef8e3282b2e0454c4afea48d37
SHA256

2f917c7224323ac3c9b7379d2876565adb9cf7b680c659c73158df8383e088b6
SHA512

9a8cfa7043df6a388b2db22d7a0780fdc59a788c4d8c07125a58e71f5116192eddac2229fefa43df0758ed120e49499ab1ed8b7776189df124ca090e92679401
SSDEEP

6144:8m4dxganzHlvVtNMGmHfuAKMpxSAOJ9M88/f2vT0ct8lP/4Ilbr9M:8tcanzHlvxMLShM88/fJctw/VlM

Score

10^/10

redline bunde2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

bunde2

C2

65.21.5.58:24911

Attributes

auth_value
fac6d788afc7ea9267b85bc08b54c40d

Targets

- Target
  
  2f917c7224323ac3c9b7379d2876565adb9cf7b680c659c73158df8383e088b6
- Size
  
  389KB
- MD5
  
  96899e6fa7dc6218295537f36a795b5d
- SHA1
  
  97a579c1238f27ef8e3282b2e0454c4afea48d37
- SHA256
  
  2f917c7224323ac3c9b7379d2876565adb9cf7b680c659c73158df8383e088b6
- SHA512
  
  9a8cfa7043df6a388b2db22d7a0780fdc59a788c4d8c07125a58e71f5116192eddac2229fefa43df0758ed120e49499ab1ed8b7776189df124ca090e92679401
- SSDEEP
  
  6144:8m4dxganzHlvVtNMGmHfuAKMpxSAOJ9M88/f2vT0ct8lP/4Ilbr9M:8tcanzHlvxMLShM88/fJctw/VlM
Score

10^/10

redline bunde2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebunde2infostealerspyware