redline | 2d63e04f5e4cad715c71a925993248d53d2a14f9289efb9be2725479d41ab917 | Triage

Sharing

General

Target

1b593af8090548ec0dde5e4caf6f6f66.exe
Size

755KB
Sample

230323-17ffnsae38
MD5

1b593af8090548ec0dde5e4caf6f6f66
SHA1

68a50bafece742232199a75ed34e50b10407f3e9
SHA256

2d63e04f5e4cad715c71a925993248d53d2a14f9289efb9be2725479d41ab917
SHA512

0a95c4f8a9ac155157419d0ccb4ecce5672c0922e94451d34d337a77166d6a08ac1b1f8fc93fccb357f1deae4b43e5729b8f22a974f4d5eac86c5ebfd5a9157f
SSDEEP

12288:fsT8jeFG6sFwXAUL0J1o+4J1o+4J1o+4J1o+4J1o+4J1o+D:f6E76QwQUYyyyyy9

Score

10^/10

redline 15 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

15

C2

94.142.138.175:46919

Attributes

auth_value
41a7d046ed64a7174cc0fcdc3fd569b8

Targets

- Target
  
  1b593af8090548ec0dde5e4caf6f6f66.exe
- Size
  
  755KB
- MD5
  
  1b593af8090548ec0dde5e4caf6f6f66
- SHA1
  
  68a50bafece742232199a75ed34e50b10407f3e9
- SHA256
  
  2d63e04f5e4cad715c71a925993248d53d2a14f9289efb9be2725479d41ab917
- SHA512
  
  0a95c4f8a9ac155157419d0ccb4ecce5672c0922e94451d34d337a77166d6a08ac1b1f8fc93fccb357f1deae4b43e5729b8f22a974f4d5eac86c5ebfd5a9157f
- SSDEEP
  
  12288:fsT8jeFG6sFwXAUL0J1o+4J1o+4J1o+4J1o+4J1o+4J1o+D:f6E76QwQUYyyyyy9
Score

10^/10

redline 15 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline15infostealerspyware

behavioral2

redline15infostealerspyware