redline | 4941d8199594001ad08541cbb238ac3954122f69ef7a650d3d9f9701ba2b7058 | Triage

Sharing

General

Target

file
Size

331KB
Sample

230414-v2sk6acd4z
MD5

5b05974cfe2155fe5f22dda4de2dc7bf
SHA1

ef9e5bb4591498da3e1b4f3766d6c220b117bb49
SHA256

4941d8199594001ad08541cbb238ac3954122f69ef7a650d3d9f9701ba2b7058
SHA512

bb841919373f1e6db4cb219987dc1f75ebbb1621d2e9cc9a017e09797b3958f9c70c9b28e9320281599b1e206a817e796b6db2a40c0891d9a398014a4fe1437e
SSDEEP

6144:eZifmtAhnZC3tp38axtKAS61s+3klSJ0:eQfPZC373Fxu6X0

Score

10^/10

redline lux1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

lux1

C2

176.123.9.142:14845

Attributes

auth_value
b1b98d832c653f467fcd3037f7f368b0

Targets

- Target
  
  file
- Size
  
  331KB
- MD5
  
  5b05974cfe2155fe5f22dda4de2dc7bf
- SHA1
  
  ef9e5bb4591498da3e1b4f3766d6c220b117bb49
- SHA256
  
  4941d8199594001ad08541cbb238ac3954122f69ef7a650d3d9f9701ba2b7058
- SHA512
  
  bb841919373f1e6db4cb219987dc1f75ebbb1621d2e9cc9a017e09797b3958f9c70c9b28e9320281599b1e206a817e796b6db2a40c0891d9a398014a4fe1437e
- SSDEEP
  
  6144:eZifmtAhnZC3tp38axtKAS61s+3klSJ0:eQfPZC373Fxu6X0
Score

10^/10

redline lux1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux1infostealerspyware

behavioral2

redlinelux1infostealerspyware