redline | c6451d9603a0aa1a031f1a76daf0002b1bcdda506c3cdf3b87028ab5a1f393be | Triage

Sharing

General

Target

file.exe
Size

564KB
Sample

230123-sn192afd7z
MD5

323070f8d2628f1ea51c17a5082a81c3
SHA1

3391c842ceeaa9d36fc18c0205920c0d0b25298a
SHA256

c6451d9603a0aa1a031f1a76daf0002b1bcdda506c3cdf3b87028ab5a1f393be
SHA512

96ea53068ddf4316436318a542c6305fefab452c4c65b888e5de9d7e85ce2641ecfc743fae71607bbb57ee72533092720014e1745b3b7b15f7d58384997d57dd
SSDEEP

12288:BzHH80N2+U/d3jQHfxMbiiqNqL4mzgH+S1v32c2zuuaefkvZAIw:BzHH80N2+U13jQHfc0qLa+SV2cwuufkO

Score

10^/10

redline andriii_ff infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Andriii_ff

C2

185.244.181.112:33056

Attributes

auth_value
0318e100e6da39f286482d897715196b

Targets

- Target
  
  file.exe
- Size
  
  564KB
- MD5
  
  323070f8d2628f1ea51c17a5082a81c3
- SHA1
  
  3391c842ceeaa9d36fc18c0205920c0d0b25298a
- SHA256
  
  c6451d9603a0aa1a031f1a76daf0002b1bcdda506c3cdf3b87028ab5a1f393be
- SHA512
  
  96ea53068ddf4316436318a542c6305fefab452c4c65b888e5de9d7e85ce2641ecfc743fae71607bbb57ee72533092720014e1745b3b7b15f7d58384997d57dd
- SSDEEP
  
  12288:BzHH80N2+U/d3jQHfxMbiiqNqL4mzgH+S1v32c2zuuaefkvZAIw:BzHH80N2+U13jQHfc0qLa+SV2cwuufkO
Score

10^/10

redline andriii_ff infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlineandriii_ffinfostealerspyware