redline | 5a37399feb2eebccfcb6268fcf8ed8bc1e3243ec0797daa5a6d8a4cdc993129f | Triage

Sharing

General

Target

file.exe
Size

430KB
Sample

230601-me42nsdg33
MD5

38590b49503ebe86502c9418f11e7458
SHA1

9014f82d54690aaa6e0a8d602933ec6b79ce2a91
SHA256

5a37399feb2eebccfcb6268fcf8ed8bc1e3243ec0797daa5a6d8a4cdc993129f
SHA512

5d9a99832f4b56a94514c2c814e0d9fd4c82cd39782d0c2ac6d83b476227091bdbdd27a4d45568cc5e2ee7f5763cf6a4030d0cbfed4c52cf635dacae64468dc7
SSDEEP

6144:2prkauGpxdr+Q/BsWkrjr6dCJ77cIniSSSPauIvt9gINkSVvVERuAXJunb6:2pIuh+YBnEXTdPauUgINzFVERuAXb

Score

10^/10

redline instals infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

Instals

C2

89.23.97.107:8086

Attributes

auth_value
8a82a3c9eb67dfb581f57e3f2c7aefe6

Targets

- Target
  
  file.exe
- Size
  
  430KB
- MD5
  
  38590b49503ebe86502c9418f11e7458
- SHA1
  
  9014f82d54690aaa6e0a8d602933ec6b79ce2a91
- SHA256
  
  5a37399feb2eebccfcb6268fcf8ed8bc1e3243ec0797daa5a6d8a4cdc993129f
- SHA512
  
  5d9a99832f4b56a94514c2c814e0d9fd4c82cd39782d0c2ac6d83b476227091bdbdd27a4d45568cc5e2ee7f5763cf6a4030d0cbfed4c52cf635dacae64468dc7
- SSDEEP
  
  6144:2prkauGpxdr+Q/BsWkrjr6dCJ77cIniSSSPauIvt9gINkSVvVERuAXJunb6:2pIuh+YBnEXTdPauUgINzFVERuAXb
Score

10^/10

redline instals infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinstalsinfostealer

behavioral2

redlineinstalsinfostealerspyware