redline | 072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35 | Triage

Sharing

General

Target

072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35
Size

277KB
Sample

230102-jyjy3agh3z
MD5

4354797fd5248c92230121ec6a82d939
SHA1

7d1293d4c1ccee0736ac88951da8bc325abb82c0
SHA256

072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35
SHA512

f13580332683fa1485bb7ffe5de52a0d47f20c467cd077bd6606b20a052b9230045d7083d37bdcf8f2191c5a2478611d84f1c692a98e82d6d70c0d8680cb396f
SSDEEP

3072:jPjx0ADKrqLOwZzoXhdWgMeEdAngc13xa8SM3/zEWOiCoONUMaRXW+iX:TV3EqLOq6hd6eEmuPM3/gWOiBkSAX

Score

10^/10

redline pub4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35
- Size
  
  277KB
- MD5
  
  4354797fd5248c92230121ec6a82d939
- SHA1
  
  7d1293d4c1ccee0736ac88951da8bc325abb82c0
- SHA256
  
  072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35
- SHA512
  
  f13580332683fa1485bb7ffe5de52a0d47f20c467cd077bd6606b20a052b9230045d7083d37bdcf8f2191c5a2478611d84f1c692a98e82d6d70c0d8680cb396f
- SSDEEP
  
  3072:jPjx0ADKrqLOwZzoXhdWgMeEdAngc13xa8SM3/zEWOiCoONUMaRXW+iX:TV3EqLOq6hd6eEmuPM3/gWOiBkSAX
Score

10^/10

redline pub4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealerspyware