redline | 882c10d3523f6e5060248ec72183a1e8fee42122f2688958c3fe27404bb9119c | Triage

Sharing

General

Target

file.exe
Size

292KB
Sample

230327-qbgzhsff2s
MD5

ad1ff967c5ea7d2c78e48c2782c59b5f
SHA1

8bae7900f4b59f18f8468fd4c979882c2add36f8
SHA256

882c10d3523f6e5060248ec72183a1e8fee42122f2688958c3fe27404bb9119c
SHA512

f33e9a859b2afab9062534d4e05ebb20aeb1563e97335dab8dd9cfc5ca83b867dc4476173348e679b03f4df39b3c38d75601f7067363d8254cb761650b4aae81
SSDEEP

3072:JxuFjXVCnN9/OnkGZLaSCFy9ChX6XIHGMGyv1whEwr3BpY8eLa0TqlQij/tqgIax:J8ZUN3ALa++q4vvwr3Bppe5qqiRqg

Score

10^/10

redline pushka6 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

pushka6

C2

176.123.9.142:14845

Attributes

auth_value
6f874eb6bb4aec568dfa7c320c6ee354

Targets

- Target
  
  file.exe
- Size
  
  292KB
- MD5
  
  ad1ff967c5ea7d2c78e48c2782c59b5f
- SHA1
  
  8bae7900f4b59f18f8468fd4c979882c2add36f8
- SHA256
  
  882c10d3523f6e5060248ec72183a1e8fee42122f2688958c3fe27404bb9119c
- SHA512
  
  f33e9a859b2afab9062534d4e05ebb20aeb1563e97335dab8dd9cfc5ca83b867dc4476173348e679b03f4df39b3c38d75601f7067363d8254cb761650b4aae81
- SSDEEP
  
  3072:JxuFjXVCnN9/OnkGZLaSCFy9ChX6XIHGMGyv1whEwr3BpY8eLa0TqlQij/tqgIax:J8ZUN3ALa++q4vvwr3Bppe5qqiRqg
Score

10^/10

redline pushka6 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepushka6infostealerspyware

behavioral2

redlinepushka6infostealerspyware