redline | 7ca102e1ba7b7e6f886024178299d61461e4c4ed323b487be362926f9b1d4283 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

365KB
Sample

230414-v7prfscd7v
MD5

fa8d66982b6d541caaf4c63fa0e815d1
SHA1

391da51f38ef069aba4bac550490d960a8ddea31
SHA256

7ca102e1ba7b7e6f886024178299d61461e4c4ed323b487be362926f9b1d4283
SHA512

7409bd5d6db52b5262f8bcd989c56dc2947b20168933096d795f2692f6b4fa114b230700f7d293790d2f265275cd9851b7edbd056943fc34c2c38578618338ef
SSDEEP

3072:dSMXOJ0xS0NvBAIfAg0Fu7LyiSCueybc/tzAcmUjQMmQSOe0pj2R9RsK2tltM4IY:dSMXOJ8DAIfAOmbcOyBKFMlqd

Score

10^/10

redline lux2 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

lux2

C2

176.123.9.142:14845

Attributes

auth_value
a190ebf01162a5f4150c75b51cfe6687

Targets

- Target
  
  file.exe
- Size
  
  365KB
- MD5
  
  fa8d66982b6d541caaf4c63fa0e815d1
- SHA1
  
  391da51f38ef069aba4bac550490d960a8ddea31
- SHA256
  
  7ca102e1ba7b7e6f886024178299d61461e4c4ed323b487be362926f9b1d4283
- SHA512
  
  7409bd5d6db52b5262f8bcd989c56dc2947b20168933096d795f2692f6b4fa114b230700f7d293790d2f265275cd9851b7edbd056943fc34c2c38578618338ef
- SSDEEP
  
  3072:dSMXOJ0xS0NvBAIfAg0Fu7LyiSCueybc/tzAcmUjQMmQSOe0pj2R9RsK2tltM4IY:dSMXOJ8DAIfAOmbcOyBKFMlqd
Score

10^/10

redline lux2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux2infostealerspyware

behavioral2

redlinelux2infostealerspyware