redline | ae7c820817b0834c2df58c8f1f31c7f4ca5e4c0421ac833a7383476dcf1bcff4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca3a02fe9d62fe2e4c1fe87993254163.bin
Size

200KB
Sample

230502-csy3gabc6v
MD5

6e6bdee52057d2656985dd323241a409
SHA1

23831523be4f3de42c1ef9658e27bc7dc78ed1ef
SHA256

ae7c820817b0834c2df58c8f1f31c7f4ca5e4c0421ac833a7383476dcf1bcff4
SHA512

a11b6426e4a8a27f0f30ca476590f891ede14078eca9090d01e512ed069fb948a68350d4278f3b002db019cfeeace211836c8a477c6fe0771817ae1f341806b8
SSDEEP

6144:1LNdocMZ3A9Pc7tlncDGo44LIF4dGsXGnDkeRLjXD:1zMBA9c7taCohbGsXc3

Score

10^/10

redline @cloudcosmic infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@CLOUDCOSMIC

C2

157.254.164.98:28449

Attributes

auth_value
c8ced34a15f6ccc97625aee05a0d1951

Targets

- Target
  
  9d95eee47ec29d250eeac035360b7d5ed210294b71179cb0853d85940c27d8fc.exe
- Size
  
  341KB
- MD5
  
  ca3a02fe9d62fe2e4c1fe87993254163
- SHA1
  
  5d9f04ec8468491072895acf7a75b5dc082cdc92
- SHA256
  
  9d95eee47ec29d250eeac035360b7d5ed210294b71179cb0853d85940c27d8fc
- SHA512
  
  dc1c1f6b7519cbe6d24f1372cb3554d910530902245c33440616ec2fbae0d8a2a661595ee9542d05ab7288667385f472b0eeddeb697448d1f084fb8fe982c736
- SSDEEP
  
  6144:JRR9YZ5JHpc89QAFngKZh30uhTTJq0nB8jS/Izo/:HR9YzJH1OAxgKNvVNPV
Score

10^/10

redline @cloudcosmic infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@cloudcosmicinfostealerspyware

behavioral2

redline@cloudcosmicinfostealerspyware