redline | 2a0e09e83a2f7198f6a9595d957dfcf0dcdf86a1c65ef4211c50eb15dd4ad598 | Triage

Sharing

General

Target

SoftwareSetupFile.exe
Size

2.5MB
Sample

221203-hh292ada27
MD5

7106bab16ae64b7f9bed1b90a2bbf03f
SHA1

ac6fae9627cf58654bc167bd63432111be9fd71e
SHA256

2a0e09e83a2f7198f6a9595d957dfcf0dcdf86a1c65ef4211c50eb15dd4ad598
SHA512

01cc49a5e6df8c6dfe197d4b638e60313b11f0efb016be29c457dc00ea5690c8d047c56cbff9f0c4a4a9c1b1b135dd2f7d2ccf4ca53856d398444d47368176e5
SSDEEP

24576:pI3cT50k2PYbtJcLQ/KpE2lcpZCyphghPUuZLxNjcFttg7qFCMSrOfBFJm4kazYc:E3qCs/AE2lhhsa1N8/FKeFJm4vAKjv

Score

10^/10

redline jiguli2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

jiguli2

C2

78.47.191.142:63772

Attributes

auth_value
8885b314866def6ca43d3df3c4c20819

Targets

- Target
  
  SoftwareSetupFile.exe
- Size
  
  2.5MB
- MD5
  
  7106bab16ae64b7f9bed1b90a2bbf03f
- SHA1
  
  ac6fae9627cf58654bc167bd63432111be9fd71e
- SHA256
  
  2a0e09e83a2f7198f6a9595d957dfcf0dcdf86a1c65ef4211c50eb15dd4ad598
- SHA512
  
  01cc49a5e6df8c6dfe197d4b638e60313b11f0efb016be29c457dc00ea5690c8d047c56cbff9f0c4a4a9c1b1b135dd2f7d2ccf4ca53856d398444d47368176e5
- SSDEEP
  
  24576:pI3cT50k2PYbtJcLQ/KpE2lcpZCyphghPUuZLxNjcFttg7qFCMSrOfBFJm4kazYc:E3qCs/AE2lhhsa1N8/FKeFJm4vAKjv
Score

10^/10

redline jiguli2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinejiguli2infostealerspyware