redline | c0de3820d44c7aebc56f12be217cab5c5b758344750e73e1288f42e0f373f038 | Triage

Sharing

General

Target

file.exe
Size

2MB
Sample

230805-1q2mkseh55
MD5

f28730f469220391b679e575a48ddb0b
SHA1

d5863273efdb0e7e61007c4907441ce957e4f98a
SHA256

c0de3820d44c7aebc56f12be217cab5c5b758344750e73e1288f42e0f373f038
SHA512

667ed7bf96fa21b992889c02d95e2076e8417a7617b7767049a2c87ed668e1c189ecfc3c302d30b7a202d9abb93d8320a532ba018ff382bcb98cc96e53fe1327
SSDEEP

49152:VakDcq59geuk/NJW1BN0gQcI3EahBrZPTaZzn0WI78:09q5taPygQcI3EahBrNY/r

Score

10^/10

redline 1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.88.3.253:26313

Attributes

auth_value
7280f9eb4f47693041f9f7d1fafe3acf

Targets

- Target
  
  file.exe
- Size
  
  2MB
- MD5
  
  f28730f469220391b679e575a48ddb0b
- SHA1
  
  d5863273efdb0e7e61007c4907441ce957e4f98a
- SHA256
  
  c0de3820d44c7aebc56f12be217cab5c5b758344750e73e1288f42e0f373f038
- SHA512
  
  667ed7bf96fa21b992889c02d95e2076e8417a7617b7767049a2c87ed668e1c189ecfc3c302d30b7a202d9abb93d8320a532ba018ff382bcb98cc96e53fe1327
- SSDEEP
  
  49152:VakDcq59geuk/NJW1BN0gQcI3EahBrZPTaZzn0WI78:09q5taPygQcI3EahBrNY/r
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline1infostealerspyware

behavioral2

redline1infostealerspyware