redline | 45cd85d238a6fd6b0f760c2c418f729a47084304da890dbe2f85fdb7cc4f49ff | Triage

Sharing

General

Target

45cd85d238a6fd6b0f760c2c418f729a47084304da890dbe2f85fdb7cc4f49ff
Size

288KB
Sample

221230-xa6ptagc34
MD5

812993196ef9efb332aa31f6c5278479
SHA1

c48c8affceb580314a60957f4d119457122d7bcc
SHA256

45cd85d238a6fd6b0f760c2c418f729a47084304da890dbe2f85fdb7cc4f49ff
SHA512

a5349a98193df840ecc106b0e78c90d66246dc914587e8a40754c2a32cfb4a1e922da5180711e8ea75881af9fedd196d589d95f368d6460326990eae68e17f39
SSDEEP

6144:Y5biLlyhXDWxbxMhqugbeco5oFUxx3E5:YQUhXDWlmfj

Score

10^/10

redline smokeloader pub2 redline bot backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

Redline Bot

C2

193.42.244.249:5514

Attributes

auth_value
dba2cba3a65b70477f54eb1d91e5f886

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Targets

- Target
  
  45cd85d238a6fd6b0f760c2c418f729a47084304da890dbe2f85fdb7cc4f49ff
- Size
  
  288KB
- MD5
  
  812993196ef9efb332aa31f6c5278479
- SHA1
  
  c48c8affceb580314a60957f4d119457122d7bcc
- SHA256
  
  45cd85d238a6fd6b0f760c2c418f729a47084304da890dbe2f85fdb7cc4f49ff
- SHA512
  
  a5349a98193df840ecc106b0e78c90d66246dc914587e8a40754c2a32cfb4a1e922da5180711e8ea75881af9fedd196d589d95f368d6460326990eae68e17f39
- SSDEEP
  
  6144:Y5biLlyhXDWxbxMhqugbeco5oFUxx3E5:YQUhXDWlmfj
Score

10^/10

redline smokeloader pub2 redline bot backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloaderpub2redline botbackdoorinfostealerspywaretrojan