redline | 3edfada37ed37b34f4292f2dd1b7868f578c2e9639a62e753630fcfb511af10a | Triage

Sharing

General

Target

Office.rar
Size

4.9MB
Sample

221221-ysfrsagb7z
MD5

c0c2b8a109240aa23488e5045806b709
SHA1

99d6b5d4b21f155c8850213cf7b57bde976fe09b
SHA256

3edfada37ed37b34f4292f2dd1b7868f578c2e9639a62e753630fcfb511af10a
SHA512

1d1fd1578a284d797dd4e63bae1df05d4f6276e7a1b2b531f964bf48a8feda124b6fa6fd9571afe642218d732f7ca0d8ca9117feec182d5e894923ed07c58536
SSDEEP

98304:mwOHXIIToGgTh1Ec6jYdl7+y+Ywke8p6tGLrfPhhSQv7OGxcx4wNgxp:fyI2Cl/dUZqCMLrfPhci7OGyxhNg7

Score

10^/10

redline 071222_youtube infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

071222_youtube

C2

newmeta.makelog.org:10737

Attributes

auth_value
34d206cebf0fe398e291ff8c20b37b37

Targets

- Target
  
  ApplicationSetup.exe
- Size
  
  128.0MB
- MD5
  
  60ee531549f1d8f40c947c1c25de708c
- SHA1
  
  893bf49b923eefe5623e8911e574a3f0f9b0f06d
- SHA256
  
  6cbd68a14bf5c477faf6386b8d26c56595fed4e2a8acb66541d389fdd466b7cf
- SHA512
  
  af9811505c205f3aafe7fd5261c5753898a2e977750e8b0cdc8543978fedb41a2ab1d553bdc85cffa8b78bc4b699dc971ab01f0eaa847251115433985e02e96a
- SSDEEP
  
  196608:TPQ0KH/r+HRLsZdZw8JuOVGJRudWwTBh7wiMBQFOHS3nvSBrlY8L7e5D2OmtUrhy:6S+S
Score

10^/10

redline 071222_youtube infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline071222_youtubeinfostealerspyware