redline | b2ecf0ed4b380ac43e18582a7fe53bbe8d7f8a408c787efc08dac933c90099e2 | Triage

Sharing

General

Target

e80944ad1b3d3757b5f097275ff7aa71.bin
Size

203KB
Sample

230610-c2pv6aea94
MD5

600e26267934643b3f93c82d64bd7205
SHA1

28b3a9d36a9332efbb357286107204f9daa0d122
SHA256

b2ecf0ed4b380ac43e18582a7fe53bbe8d7f8a408c787efc08dac933c90099e2
SHA512

d0571edb3f5de2ae1840ea91195973fbc93e38b0800223cea454859e0cf60be6f94f4d4fcfde439dc23825535811408c368f1169463881033e3ff62012d6b540
SSDEEP

3072:k+emajWGfsSDObaUuxnkjZLs3pUe8vp+KqdSf/r4qT+MARsRYSCeiQBP64dBo5:Zw9amWjZLs3mZaKt+3RsuciQs4ds

Score

10^/10

redline vcxz infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

vcxz

C2

185.244.181.112:39640

Attributes

auth_value
c3f64556104479e612e28b2f8aaf39e5

Targets

- Target
  
  d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8.exe
- Size
  
  1.0MB
- MD5
  
  e80944ad1b3d3757b5f097275ff7aa71
- SHA1
  
  6271aaebc264ba1c6e42c9a7d109270eaeac52ce
- SHA256
  
  d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8
- SHA512
  
  11284c5d8030114f228e9fe7b73d70f56dbe362c399728284d50b324131579ef049593db4315107a533ee5945b997b77d235ae921a3cd0be44d1b5a038c37dbd
- SSDEEP
  
  6144:iwZTqmvKC3kd49fAzyym05F7vfbAOsolBoQBV3Kf6Ww5LNZfT3wPY6kuYw:iWqmSOky9fAzTOu46WwL1whpYw
Score

10^/10

redline vcxz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinevcxzinfostealerspyware