redline | 2a822b97c6440e0778a6cad7e587fb9625dd6ce1d89ddbe457a9a12eedf2d1a0 | Triage

Sharing

General

Target

2a822b97c6440e0778a6cad7e587fb9625dd6ce1d89ddbe457a9a12eedf2d1a0
Size

354KB
Sample

230104-e5hblahb4t
MD5

0055e08b764c39324408e8e9ae3314ee
SHA1

d9c95d1234e52c0df1f1e0421811916a555036d3
SHA256

2a822b97c6440e0778a6cad7e587fb9625dd6ce1d89ddbe457a9a12eedf2d1a0
SHA512

cfc4f4cec1f143cdd72aa8855d51021fcbf1b8090af730ea7d1e461829d044e0ef78e178fa16c7ce6828ac395de88fac01cb336e7337136610e4b9b8171c8f72
SSDEEP

6144:9IbTupLlr7T0SDe14rx1AOo4h6Qe7iyPWhMnPaC/LF5N:Gnupq3g5CpMCzF5

Score

10^/10

redline logss infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

logss

C2

194.180.48.225:80

Attributes

auth_value
b71d7809b599c8f72a0833349911b233

Targets

- Target
  
  2a822b97c6440e0778a6cad7e587fb9625dd6ce1d89ddbe457a9a12eedf2d1a0
- Size
  
  354KB
- MD5
  
  0055e08b764c39324408e8e9ae3314ee
- SHA1
  
  d9c95d1234e52c0df1f1e0421811916a555036d3
- SHA256
  
  2a822b97c6440e0778a6cad7e587fb9625dd6ce1d89ddbe457a9a12eedf2d1a0
- SHA512
  
  cfc4f4cec1f143cdd72aa8855d51021fcbf1b8090af730ea7d1e461829d044e0ef78e178fa16c7ce6828ac395de88fac01cb336e7337136610e4b9b8171c8f72
- SSDEEP
  
  6144:9IbTupLlr7T0SDe14rx1AOo4h6Qe7iyPWhMnPaC/LF5N:Gnupq3g5CpMCzF5
Score

10^/10

redline logss infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogssinfostealerspyware

behavioral2

redlinelogssinfostealerspyware