redline | 06782596a7672775d5d688df01e8885188c77c83f9104c5f3658adb2b938e542 | Triage

Sharing

General

Target

06782596a7672775d5d688df01e8885188c77c83f9104c5f3658adb2b938e542
Size

354KB
Sample

230104-jx5jdaab9w
MD5

647fb64586d767ff24a8cdf85790010f
SHA1

f86372eb32b073773b21d9c3bf3d4a60f20ca0db
SHA256

06782596a7672775d5d688df01e8885188c77c83f9104c5f3658adb2b938e542
SHA512

2238533e3958a164475eec73eb77c5c941c8aff6e94d4538fdd2fd181a446b435fd0c065824eebe34b9cdd62c58debe239906cee81ad183ce475e81c06c282b7
SSDEEP

6144:w4VTeo7l77jkCD+1or3VAO+8zgaX4GM8jwWYLF5N:bJeoKHWw8zlX08wW+F5

Score

10^/10

redline pub3 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub3

C2

89.22.231.25:45245

Attributes

auth_value
ffd0fd0d5630c2c573c643bde2ed50b3

Targets

- Target
  
  06782596a7672775d5d688df01e8885188c77c83f9104c5f3658adb2b938e542
- Size
  
  354KB
- MD5
  
  647fb64586d767ff24a8cdf85790010f
- SHA1
  
  f86372eb32b073773b21d9c3bf3d4a60f20ca0db
- SHA256
  
  06782596a7672775d5d688df01e8885188c77c83f9104c5f3658adb2b938e542
- SHA512
  
  2238533e3958a164475eec73eb77c5c941c8aff6e94d4538fdd2fd181a446b435fd0c065824eebe34b9cdd62c58debe239906cee81ad183ce475e81c06c282b7
- SSDEEP
  
  6144:w4VTeo7l77jkCD+1or3VAO+8zgaX4GM8jwWYLF5N:bJeoKHWw8zlX08wW+F5
Score

10^/10

redline pub3 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub3infostealerspyware