redline | 5e0785abbbf807afc984a87eed6739c071ae85c2025c1b5c44eaa4a6561c2b76 | Triage

Sharing

General

Target

b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1
Size

124KB
Sample

230103-d91s3ach2z
MD5

3e563a57d564aabc935df209fab7726e
SHA1

b2507e59a25674ced81dbdef5bed215d651b9389
SHA256

5e0785abbbf807afc984a87eed6739c071ae85c2025c1b5c44eaa4a6561c2b76
SHA512

bded17559641f7d5f777583fa80a303bcf24882968ead63e4d9d29aab591ebc83ffc318474125f401e77ee4dd2357a17e95a985fccfed688a43247e3a617cec6
SSDEEP

3072:Lqyr7tSAArTxlZQSC+B4OiiLgHbPz/NdOYBuQr0cu:n7SrTHZQaBtJgHbPzFP0cu

Score

10^/10

redline pub4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1
- Size
  
  285KB
- MD5
  
  90c10a5ed9337bea9e9f7ba220d286c3
- SHA1
  
  c12914a4bba77df18707d96cb05991aa847d7487
- SHA256
  
  b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1
- SHA512
  
  c84946f98ba7e88445ab7738da694610f914087696f9839224f994770934ba22bf4501319d4789cef1bb63694c6bec35866d54518aae8efdbccbb7616e3c8880
- SSDEEP
  
  6144:KWd94PYZfJfeB76+rG2lL0BEWD1wjMSfsog4DCRl:KWd94PYRmGKYBEWhwbfbg4DCP
Score

10^/10

redline pub4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealerspyware

behavioral2

redlinepub4infostealerspyware