redline | 05fb5f1a49ac43d446022dd7b9950fef084c762c13781d962ba2fc9586c75ee0 | Triage

Sharing

General

Target

05fb5f1a49ac43d446022dd7b9950fef084c762c13781d962ba2fc9586c75ee0
Size

355KB
Sample

221229-ythmrsea72
MD5

c50d13b393ae472c7be05e79e519461a
SHA1

1c9dd14e22cbb3a11413fcd3096413f25f11cefa
SHA256

05fb5f1a49ac43d446022dd7b9950fef084c762c13781d962ba2fc9586c75ee0
SHA512

07eb002053854dfa722440992270d04c2a969fa96055f2c168dbcb269d23a82f258b838f484129117c9812570826658c19d4675d6961c94624a643cd01408d50
SSDEEP

6144:mco+Nypp0QGxJ1ryIj7AO6sk7NI9rPlDyjyMHl91s1Jl:W+Nypp0QEp78fah0yMHl9e1J

Score

10^/10

redline pub4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  05fb5f1a49ac43d446022dd7b9950fef084c762c13781d962ba2fc9586c75ee0
- Size
  
  355KB
- MD5
  
  c50d13b393ae472c7be05e79e519461a
- SHA1
  
  1c9dd14e22cbb3a11413fcd3096413f25f11cefa
- SHA256
  
  05fb5f1a49ac43d446022dd7b9950fef084c762c13781d962ba2fc9586c75ee0
- SHA512
  
  07eb002053854dfa722440992270d04c2a969fa96055f2c168dbcb269d23a82f258b838f484129117c9812570826658c19d4675d6961c94624a643cd01408d50
- SSDEEP
  
  6144:mco+Nypp0QGxJ1ryIj7AO6sk7NI9rPlDyjyMHl91s1Jl:W+Nypp0QEp78fah0yMHl9e1J
Score

10^/10

redline pub4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealerspyware