redline | 9c64bca70fe75187dcac8bc03ef05667def8947f114a82bccf8b3928c36a067b | Triage

Sharing

General

Target

9c64bca70fe75187dcac8bc03ef05667def8947f114a82bccf8b3928c36a067b
Size

356KB
Sample

221229-yrmhyahc7y
MD5

d01308e5e8cee3a13256d3ed82fea342
SHA1

e8bc3bb6d0cb740997157abff9dc6a197ffb0582
SHA256

9c64bca70fe75187dcac8bc03ef05667def8947f114a82bccf8b3928c36a067b
SHA512

a4c3ba925223ebc037f8624d396a65a4dab76f6252fb32b404111763ae8377ddeae3645b30b2c2be9999d7e4c0192b1b205f0357c4f7262904a57a0347a77c5f
SSDEEP

6144:dcOeNahNPMQWRBlTywS7AOIJm7lMMn6P86kVZ9s1Jl:neNahxMQs473bn6E6k61J

Score

10^/10

redline redline bot infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Redline Bot

C2

193.42.244.249:5514

Attributes

auth_value
dba2cba3a65b70477f54eb1d91e5f886

Targets

- Target
  
  9c64bca70fe75187dcac8bc03ef05667def8947f114a82bccf8b3928c36a067b
- Size
  
  356KB
- MD5
  
  d01308e5e8cee3a13256d3ed82fea342
- SHA1
  
  e8bc3bb6d0cb740997157abff9dc6a197ffb0582
- SHA256
  
  9c64bca70fe75187dcac8bc03ef05667def8947f114a82bccf8b3928c36a067b
- SHA512
  
  a4c3ba925223ebc037f8624d396a65a4dab76f6252fb32b404111763ae8377ddeae3645b30b2c2be9999d7e4c0192b1b205f0357c4f7262904a57a0347a77c5f
- SSDEEP
  
  6144:dcOeNahNPMQWRBlTywS7AOIJm7lMMn6P86kVZ9s1Jl:neNahxMQs473bn6E6k61J
Score

10^/10

redline redline bot infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineredline botinfostealerspyware