redline | 319875a4c7898ae0f636f5ee26e14172008724c4567eacfba7a36aa4b2a413c4 | Triage

Sharing

General

Target

089a8afdbd2da31e6180ea0d8a85b3e1.bin.exe
Size

346KB
Sample

230420-eym89sfe26
MD5

089a8afdbd2da31e6180ea0d8a85b3e1
SHA1

7126a510297ca035b255abbeefab4385830b3ab2
SHA256

319875a4c7898ae0f636f5ee26e14172008724c4567eacfba7a36aa4b2a413c4
SHA512

584bcf8e1b5e0dc90cf2f26a7896f8bd19dfdbc461d3d1e241e4643db2782b67acecb7c9687044658cfb1a44f73e68351513ff5108d17b26ed7d85268d2d7d0f
SSDEEP

6144:cT11Ka2T5jBmjEKCPcuyflTX8deh8I5jAriUzU:cT1aTvmjZCZolT+I5Urh

Score

10^/10

redline @cosmiccloudadmin infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@COSMICCLOUDADMIN

C2

20.226.69.130:30497

Attributes

auth_value
0c9b7221bd50ac4f7beb692ba88b2c78

Targets

- Target
  
  089a8afdbd2da31e6180ea0d8a85b3e1.bin.exe
- Size
  
  346KB
- MD5
  
  089a8afdbd2da31e6180ea0d8a85b3e1
- SHA1
  
  7126a510297ca035b255abbeefab4385830b3ab2
- SHA256
  
  319875a4c7898ae0f636f5ee26e14172008724c4567eacfba7a36aa4b2a413c4
- SHA512
  
  584bcf8e1b5e0dc90cf2f26a7896f8bd19dfdbc461d3d1e241e4643db2782b67acecb7c9687044658cfb1a44f73e68351513ff5108d17b26ed7d85268d2d7d0f
- SSDEEP
  
  6144:cT11Ka2T5jBmjEKCPcuyflTX8deh8I5jAriUzU:cT1aTvmjZCZolT+I5Urh
Score

10^/10

redline @cosmiccloudadmin infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@cosmiccloudadmininfostealerspyware

behavioral2

redline@cosmiccloudadmininfostealerspyware