redline | 86381eb1efdde385466fb1fdef13c934ad14d5a56c3ad5bff422096974c82621 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86381eb1efdde385466fb1fdef13c934ad14d5a56c3ad5bff422096974c82621
Size

277KB
Sample

230102-ep3ycsdd73
MD5

106649ab568c2448c5f20491de687c0e
SHA1

36fec9cc3c209d5b41478bb8ad89cee36d7745f8
SHA256

86381eb1efdde385466fb1fdef13c934ad14d5a56c3ad5bff422096974c82621
SHA512

3d449211571060629fd8ec398b5f3e88623272e44d401c34bd63c757af68e678fca5c44fc4913b60f979766dfe087c83fc56cb8d5456b1f425ae330be4dc0d37
SSDEEP

6144:SV3EqLOq6hd6eEmzSuVIPrJHb+M+Fx8KdDo29+rX:SV3JLOpzFVsr9Xk8KdDo2ArX

Score

10^/10

redline pub4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  86381eb1efdde385466fb1fdef13c934ad14d5a56c3ad5bff422096974c82621
- Size
  
  277KB
- MD5
  
  106649ab568c2448c5f20491de687c0e
- SHA1
  
  36fec9cc3c209d5b41478bb8ad89cee36d7745f8
- SHA256
  
  86381eb1efdde385466fb1fdef13c934ad14d5a56c3ad5bff422096974c82621
- SHA512
  
  3d449211571060629fd8ec398b5f3e88623272e44d401c34bd63c757af68e678fca5c44fc4913b60f979766dfe087c83fc56cb8d5456b1f425ae330be4dc0d37
- SSDEEP
  
  6144:SV3EqLOq6hd6eEmzSuVIPrJHb+M+Fx8KdDo29+rX:SV3JLOpzFVsr9Xk8KdDo2ArX
Score

10^/10

redline pub4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealerspyware