redline | 38d737c2316eebc28020d6335c232e26650b02a5bbeffedbbaab6cfc4320e856 | Triage

Resubmissions

18-12-2022 13:41

221218-qy67xsfa3x 10

18-12-2022 13:06

221218-qb442sca96 10

Sharing

General

Target

Filmora 11 cracked.zip
Size

12.0MB
Sample

221218-qb442sca96
MD5

457824149d1bab8f9f7a07b2450e8a6c
SHA1

0531488585ff4e85cc26b18fc3a8f81a0fe0ab43
SHA256

38d737c2316eebc28020d6335c232e26650b02a5bbeffedbbaab6cfc4320e856
SHA512

b538736b920127d5a25a13e0edfcd97d5ab4069f219c4468ed6e23974c7b227fc713d7e9fb46fff464e8d389007883244e2f21c56d56f400890eda7ba8b7798e
SSDEEP

393216:ZsCG4a77fQ2bD2rdViXnl/vQCVs2x9KPEgif5D9:2CG17nMdVs/42T/KPEgiB5

Score

10^/10

redline @masterphill777 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@MasterPhill777

C2

baaffanyela.xyz:80

Attributes

auth_value
7b951242e441c9181e48d90ff124870b

Targets

- Target
  
  filmora 11 installer.exe
- Size
  
  761.7MB
- MD5
  
  5692387dcee96573f7e755fb3c1e4916
- SHA1
  
  7eb0b240b2b52b2be88aa490e1ee5723d79e7e5e
- SHA256
  
  b0e6c95b4d24f894c92257cb9860b596e07a626c12433b0a2b0b1d690d6419f2
- SHA512
  
  ce7ce759445b56862629cf26599441d55747a1f0d7717d981ba399b00d04a9a4d35ec7320b0fd184ba2a60bb60feed5cb27e5a245f34af686427fe2332ca31fa
- SSDEEP
  
  3072:zOY3ienRBrLD3zAQADKqyNfr0heX0TWtqrxrxwmc5K41d31kn9xaUXsied/+:iYHd3cQAetYheMWH5K4i9xaqeg
Score

10^/10

redline @masterphill777 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@masterphill777infostealerspyware