redline | 0243d888f8612b3f52fab2d600a5f55942723890238243d5d940763237dda0cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0243d888f8612b3f52fab2d600a5f55942723890238243d5d940763237dda0cb
Size

277KB
Sample

230101-tccb7sfc5z
MD5

96e0500af19b5d4ad42e867b4d840caa
SHA1

befbb9f21db7b7cdcafd0dadaef5e832d009827b
SHA256

0243d888f8612b3f52fab2d600a5f55942723890238243d5d940763237dda0cb
SHA512

d9634ef3dac17221fd21bfc79b34d16a531f61e1fc2e449dbacde448f6675d9095b9afc5230344771541a81fd3c2c4a51bc8aa697be920b521b6bc797a622fb5
SSDEEP

6144:0V3EqLOq6hd6eEmhVroxMfnH5ugJBHNi+40X:0V3JLOphiaHL540X

Score

10^/10

redline @zallllis infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@zallllis

C2

45.15.157.136:7429

Attributes

auth_value
819f274cbc0e7c8d89e811e4a9877964

Targets

- Target
  
  0243d888f8612b3f52fab2d600a5f55942723890238243d5d940763237dda0cb
- Size
  
  277KB
- MD5
  
  96e0500af19b5d4ad42e867b4d840caa
- SHA1
  
  befbb9f21db7b7cdcafd0dadaef5e832d009827b
- SHA256
  
  0243d888f8612b3f52fab2d600a5f55942723890238243d5d940763237dda0cb
- SHA512
  
  d9634ef3dac17221fd21bfc79b34d16a531f61e1fc2e449dbacde448f6675d9095b9afc5230344771541a81fd3c2c4a51bc8aa697be920b521b6bc797a622fb5
- SSDEEP
  
  6144:0V3EqLOq6hd6eEmhVroxMfnH5ugJBHNi+40X:0V3JLOphiaHL540X
Score

10^/10

redline @zallllis infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@zallllisinfostealerspyware