redline | b501be492ef7b03d0131412ee1158575a7a779af61ff60c87cbe55e16f3f8981 | Triage

Sharing

General

Target

b501be492ef7b03d0131412ee1158575a7a779af61ff60c87cbe55e16f3f8981
Size

145KB
Sample

220920-rbx66sdbd8
MD5

4e103f6646264d34328f014264c5d809
SHA1

0133bc71a9338837778976647c63bc761fba4906
SHA256

b501be492ef7b03d0131412ee1158575a7a779af61ff60c87cbe55e16f3f8981
SHA512

15b874147a7e7bb6b5e43a9fe57a771ba350413bd40e379c2f81303204c2389f88fa593d8fd83ac172632df353736265c82722360e81a09b875ad7e7c9b8224b
SSDEEP

3072:L2YdLm4457po35T+ci0cWgYauqdShy7mBBNx:1L52o3R+QJqDdgy7

Score

10^/10

redline smokeloader @aavecheckcrypto backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

@aavecheckcrypto

C2

5.182.36.101:31305

Attributes

auth_value
cfec012590be0965370e2399924bf33d

Targets

- Target
  
  b501be492ef7b03d0131412ee1158575a7a779af61ff60c87cbe55e16f3f8981
- Size
  
  145KB
- MD5
  
  4e103f6646264d34328f014264c5d809
- SHA1
  
  0133bc71a9338837778976647c63bc761fba4906
- SHA256
  
  b501be492ef7b03d0131412ee1158575a7a779af61ff60c87cbe55e16f3f8981
- SHA512
  
  15b874147a7e7bb6b5e43a9fe57a771ba350413bd40e379c2f81303204c2389f88fa593d8fd83ac172632df353736265c82722360e81a09b875ad7e7c9b8224b
- SSDEEP
  
  3072:L2YdLm4457po35T+ci0cWgYauqdShy7mBBNx:1L52o3R+QJqDdgy7
Score

10^/10

redline smokeloader @aavecheckcrypto backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloader@aavecheckcryptobackdoorinfostealerspywaretrojan