redline | 960a06e77056fcb5c52f4e87f39fdfeb31ad646d52b429ba8acc91d8288399eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

343KB
Sample

230420-2g4w1scf94
MD5

2b3e31379a294e0fc4c79aeda508df0b
SHA1

daa73d9e7e1e739e1c97216b7dd768f55a25d885
SHA256

960a06e77056fcb5c52f4e87f39fdfeb31ad646d52b429ba8acc91d8288399eb
SHA512

de340722c6e5547f1b9b28f49fecfd93eec6a0f84306fbe2905479a7bb86f64778349c51c398a7d912ad5327d939e11c88a2d3fcc590c069ce437ece920a3b63
SSDEEP

6144:p6EjBK5G2/Ng5E8ZEWTXkx6gf25R9o+Bo:p6EI5GUNgm8ZZTXkw225RW

Score

10^/10

redline lux1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

lux1

C2

176.123.9.142:14845

Attributes

auth_value
b1b98d832c653f467fcd3037f7f368b0

Targets

- Target
  
  file.exe
- Size
  
  343KB
- MD5
  
  2b3e31379a294e0fc4c79aeda508df0b
- SHA1
  
  daa73d9e7e1e739e1c97216b7dd768f55a25d885
- SHA256
  
  960a06e77056fcb5c52f4e87f39fdfeb31ad646d52b429ba8acc91d8288399eb
- SHA512
  
  de340722c6e5547f1b9b28f49fecfd93eec6a0f84306fbe2905479a7bb86f64778349c51c398a7d912ad5327d939e11c88a2d3fcc590c069ce437ece920a3b63
- SSDEEP
  
  6144:p6EjBK5G2/Ng5E8ZEWTXkx6gf25R9o+Bo:p6EI5GUNgm8ZZTXkw225RW
Score

10^/10

redline lux1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux1infostealerspyware

behavioral2

redlinelux1infostealerspyware