redline | 39492736e783427a68a791ca3d17fa3bad096cda54846bbf54e53ab3bb0f2633 | Triage

Sharing

General

Target

6b8c79bb8e2a5131af6c122320f1dfa0de1672f6
Size

7.5MB
Sample

230103-hfqhfsad77
MD5

1eb2ae579489e4c883f85747a7d2c9fa
SHA1

6b8c79bb8e2a5131af6c122320f1dfa0de1672f6
SHA256

39492736e783427a68a791ca3d17fa3bad096cda54846bbf54e53ab3bb0f2633
SHA512

09566ef57edb4f3e16fc6fce66f672f9fe202779e637b9ad04e8b4d9a8b54bbbfe618fffe8b3a7fc68d15ae48449675089f40260ab09396a670bd5cfe2abab6c
SSDEEP

98304:4w6Tks8Ip9y88/gE1k8cIjNnoeXsU11HK3rt2avguB4et/vEw4KLOqcCLj1J1cNE:47Tks8I78bkKjNnjsU11g

Score

10^/10

redline universecity100 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

UniverseCity100

C2

80.89.228.168:5007

Attributes

auth_value
a16f64012f1825f5b9cc033dc35b580f

Targets

- Target
  
  6b8c79bb8e2a5131af6c122320f1dfa0de1672f6
- Size
  
  7.5MB
- MD5
  
  1eb2ae579489e4c883f85747a7d2c9fa
- SHA1
  
  6b8c79bb8e2a5131af6c122320f1dfa0de1672f6
- SHA256
  
  39492736e783427a68a791ca3d17fa3bad096cda54846bbf54e53ab3bb0f2633
- SHA512
  
  09566ef57edb4f3e16fc6fce66f672f9fe202779e637b9ad04e8b4d9a8b54bbbfe618fffe8b3a7fc68d15ae48449675089f40260ab09396a670bd5cfe2abab6c
- SSDEEP
  
  98304:4w6Tks8Ip9y88/gE1k8cIjNnoeXsU11HK3rt2avguB4et/vEw4KLOqcCLj1J1cNE:47Tks8I78bkKjNnjsU11g
Score

10^/10

redline universecity100 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineuniversecity100infostealerspyware

behavioral2

redlineuniversecity100infostealerspyware