redline | d68bb99730d06944c0b793064a2c7a1e43d22ed582d2091e9bdad5e1db406e72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d68bb99730d06944c0b793064a2c7a1e43d22ed582d2091e9bdad5e1db406e72
Size

354KB
Sample

230105-jztvnabd22
MD5

f4320bc4478e64dcd66e1a06876fcf72
SHA1

c1ab1de451a852d4e7fdd8a9342ec259ed41ca72
SHA256

d68bb99730d06944c0b793064a2c7a1e43d22ed582d2091e9bdad5e1db406e72
SHA512

38926c49987105c4cf8de408df2e60bf2ae8ee98d1096029de482e71b4cbe11df3f44616f42bf3a2a23ce71891659df54cf9c24938cb7b45aaf6ba19a979d99a
SSDEEP

6144:tTLeCw46m6vHuvp1U3EJAO3MlhFZXGrxwEbhra5/:tSCw5UjJxC2reua5

Score

10^/10

redline pub4 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  d68bb99730d06944c0b793064a2c7a1e43d22ed582d2091e9bdad5e1db406e72
- Size
  
  354KB
- MD5
  
  f4320bc4478e64dcd66e1a06876fcf72
- SHA1
  
  c1ab1de451a852d4e7fdd8a9342ec259ed41ca72
- SHA256
  
  d68bb99730d06944c0b793064a2c7a1e43d22ed582d2091e9bdad5e1db406e72
- SHA512
  
  38926c49987105c4cf8de408df2e60bf2ae8ee98d1096029de482e71b4cbe11df3f44616f42bf3a2a23ce71891659df54cf9c24938cb7b45aaf6ba19a979d99a
- SSDEEP
  
  6144:tTLeCw46m6vHuvp1U3EJAO3MlhFZXGrxwEbhra5/:tSCw5UjJxC2reua5
Score

10^/10

redline pub4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealerspyware