redline | c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db | Triage

Sharing

General

Target

c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
Size

354KB
Sample

230104-tjsmrsca7w
MD5

0a7abae3ad10992088d18900ce46b028
SHA1

721fbb3899b3715f0e0a0d8c9b4b4010698a6dd4
SHA256

c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
SHA512

a3d9682da8b8226c084e0d4ef292cceffdea2798fb6be74aeb978530eda5bcad39e21307f1fc378c65da215770c3e5a321470480ab97a44b0cc294db76a85751
SSDEEP

6144:uBCl5mIuQVNkMG2Ui1TNVAOj6/Wx72Lkc9kALq5T:YCTmIpGCNJey9c9pq5

Score

10^/10

redline pub2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Targets

- Target
  
  c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
- Size
  
  354KB
- MD5
  
  0a7abae3ad10992088d18900ce46b028
- SHA1
  
  721fbb3899b3715f0e0a0d8c9b4b4010698a6dd4
- SHA256
  
  c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
- SHA512
  
  a3d9682da8b8226c084e0d4ef292cceffdea2798fb6be74aeb978530eda5bcad39e21307f1fc378c65da215770c3e5a321470480ab97a44b0cc294db76a85751
- SSDEEP
  
  6144:uBCl5mIuQVNkMG2Ui1TNVAOj6/Wx72Lkc9kALq5T:YCTmIpGCNJey9c9pq5
Score

10^/10

redline pub2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub2infostealerspyware