redline | 54ec09c94cad8063383f7ada6d865a66ba1003307e16f4da6bb5417225461dfd | Triage

Sharing

General

Target

file
Size

295KB
Sample

230327-1yz4qafe35
MD5

66cc39066025dca6a6e5e6d50cb8a7a3
SHA1

488423737bc8e626a4b8f460c9f52f1f7b1f91b2
SHA256

54ec09c94cad8063383f7ada6d865a66ba1003307e16f4da6bb5417225461dfd
SHA512

eaf7839d6b3f02c90562bf99c5607912ed0f09b076f6404a9fa96b0f6eb9360219fb60ee0d695788fa9499fa3b120a5b64d56233d1522b0e541eb47c22ab8583
SSDEEP

3072:4U1eLwDEgPVolVANyXtQ15lnJhP7Rt9rW+RVWS6L8RKVS/PwfUL6L5RR26l11UqO:649o7tQflLP7RtJWkVWS6sdPzj

Score

10^/10

redline pushka7 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pushka7

C2

176.123.9.142:14845

Attributes

auth_value
630452b2bed54a95b6c67c741b1c401a

Targets

- Target
  
  file
- Size
  
  295KB
- MD5
  
  66cc39066025dca6a6e5e6d50cb8a7a3
- SHA1
  
  488423737bc8e626a4b8f460c9f52f1f7b1f91b2
- SHA256
  
  54ec09c94cad8063383f7ada6d865a66ba1003307e16f4da6bb5417225461dfd
- SHA512
  
  eaf7839d6b3f02c90562bf99c5607912ed0f09b076f6404a9fa96b0f6eb9360219fb60ee0d695788fa9499fa3b120a5b64d56233d1522b0e541eb47c22ab8583
- SSDEEP
  
  3072:4U1eLwDEgPVolVANyXtQ15lnJhP7Rt9rW+RVWS6L8RKVS/PwfUL6L5RR26l11UqO:649o7tQflLP7RtJWkVWS6sdPzj
Score

10^/10

redline pushka7 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepushka7infostealerspyware

behavioral2

redlinepushka7infostealerspyware