redline | 61a1cd94691b0e620eeb4ff4d424f48d07419b4de4ee27cfcadf2ee759b32004 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63342c1bdc321f6d9c5179d18c5cf326.exe
Size

355KB
Sample

221230-aq7wgsee66
MD5

63342c1bdc321f6d9c5179d18c5cf326
SHA1

fc9aed1a30b32efcf03a092dbb20a9fb4789bd07
SHA256

61a1cd94691b0e620eeb4ff4d424f48d07419b4de4ee27cfcadf2ee759b32004
SHA512

a615f51b2f2ea4b9c25e80998356c39537c3b6cce41f6e6fcac29b701f20f3f5511482d752154ab8b4193d75e6c4b1f3ca678ef4a1329e66ebe1cd7a8a61b76e
SSDEEP

6144:wco+Nypp0QGxJ1ryIj7AOII/xbwrTf1mwhEXv3zXbs1Jl:k+Nypp0QEp7aI/x0rl6PzXw1J

Score

10^/10

redline redline bot infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Redline Bot

C2

193.42.244.249:5514

Attributes

auth_value
dba2cba3a65b70477f54eb1d91e5f886

Targets

- Target
  
  63342c1bdc321f6d9c5179d18c5cf326.exe
- Size
  
  355KB
- MD5
  
  63342c1bdc321f6d9c5179d18c5cf326
- SHA1
  
  fc9aed1a30b32efcf03a092dbb20a9fb4789bd07
- SHA256
  
  61a1cd94691b0e620eeb4ff4d424f48d07419b4de4ee27cfcadf2ee759b32004
- SHA512
  
  a615f51b2f2ea4b9c25e80998356c39537c3b6cce41f6e6fcac29b701f20f3f5511482d752154ab8b4193d75e6c4b1f3ca678ef4a1329e66ebe1cd7a8a61b76e
- SSDEEP
  
  6144:wco+Nypp0QGxJ1ryIj7AOII/xbwrTf1mwhEXv3zXbs1Jl:k+Nypp0QEp7aI/x0rl6PzXw1J
Score

10^/10

redline redline bot infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineredline botinfostealerspyware

behavioral2

redlineredline botinfostealerspyware