redline | 313aca03267e906ae7bfe3c301531ce52eb14de8e9d6795bf59333131c9fec6b | Triage

Sharing

General

Target

ea24a2e9bec5bcfefd488a6c94adf1a1.exe
Size

302KB
Sample

230107-pjba9sgh4w
MD5

ea24a2e9bec5bcfefd488a6c94adf1a1
SHA1

d35b083a57b4c19ce9bdaf0dac04d2cad65fb1a6
SHA256

313aca03267e906ae7bfe3c301531ce52eb14de8e9d6795bf59333131c9fec6b
SHA512

041f876cf2cf3252019ae4b25c6ef3e7ee24f57485448c76b967d7e91d4ce3c922738a91a8a657be668b05d985b41d12d727679cc93678824a28d54536ad58b6
SSDEEP

6144:fZ3MO7aCyBB2e09D5sUtm96WZd+EntlX:fZ3t7aSDep6edLntlX

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.95.67.7:22452

Attributes

auth_value
d7d1ef4c0206b49020a211fd34cd5aee

Targets

- Target
  
  ea24a2e9bec5bcfefd488a6c94adf1a1.exe
- Size
  
  302KB
- MD5
  
  ea24a2e9bec5bcfefd488a6c94adf1a1
- SHA1
  
  d35b083a57b4c19ce9bdaf0dac04d2cad65fb1a6
- SHA256
  
  313aca03267e906ae7bfe3c301531ce52eb14de8e9d6795bf59333131c9fec6b
- SHA512
  
  041f876cf2cf3252019ae4b25c6ef3e7ee24f57485448c76b967d7e91d4ce3c922738a91a8a657be668b05d985b41d12d727679cc93678824a28d54536ad58b6
- SSDEEP
  
  6144:fZ3MO7aCyBB2e09D5sUtm96WZd+EntlX:fZ3t7aSDep6edLntlX
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1infostealerspyware

behavioral2

redline1infostealerspyware