redline | 80d2af547d3a791b25c726348699a64dddee5296b312b3cf831df8f60b168a30 | Triage

Sharing

General

Target

file.7z
Size

4.3MB
Sample

230616-lavf1adh5x
MD5

40a79332c901e3e397bdd1804cdc1581
SHA1

f3d3ab2bea2381fbdba9a95b976791b0b5286689
SHA256

80d2af547d3a791b25c726348699a64dddee5296b312b3cf831df8f60b168a30
SHA512

084212ceb863c06ebdaea81377fb2b844b10e8452c6bedd3c42a36ae2966f01da644bd2ca009d13d24c94104892142ef69480e41a320c769a8e31fd453cc5e02
SSDEEP

98304:p4rg0CDBAOG5q7uON6GAZQXiOMFZKG6jpYYid9PyA:mJC+OGg7VEGziOMfkpYYidMA

Score

10^/10

redline @gramms_cc 14/06 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@gramms_CC 14/06

C2

5.42.64.70:45663

Attributes

auth_value
7415b604399dcb01a5a0788cf91d64ff

Targets

- Target
  
  123.exe
- Size
  
  704.3MB
- MD5
  
  8584416cd8d5c7095bd38831d775ae4b
- SHA1
  
  6bfa29983d6d5f345156a435ac52df25d2335b5c
- SHA256
  
  f5854b5b708d95d228d7c67643b4693d633f03515a5bcbcb69c995aac3bbe224
- SHA512
  
  4c4f04a5423b39d2d53aa6e6c513e45d71e73d7fee2d7ac388a02e198e1259e581d8177882dee26cc884b95e8eaa81776724470200772c4fd4d16d1fc3058fe8
- SSDEEP
  
  98304:mdDHuBJUPXfOZtVyqMLyut+vVxKaDOpZlehjfOeEhiG:+DHuBqvfQtAqMNyxpOIh4hiG
Score

10^/10

redline @gramms_cc 14/06 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@gramms_cc 14/06infostealerspyware

behavioral2

redline@gramms_cc 14/06infostealerspyware