redline | 737edd04a475bfd87b9f7549eaada5b6a445b64972db3aa3e0f55b7d82107c03 | Triage

Sharing

General

Target

cbe8af1bd5f5737ee10311bf3b2009c4.bin
Size

138KB
Sample

230610-ctqgqaeg5s
MD5

c1a9a6da9a42c502da32a49de0e961fc
SHA1

96680de5e6926e57f4060986ca1264fd60178839
SHA256

737edd04a475bfd87b9f7549eaada5b6a445b64972db3aa3e0f55b7d82107c03
SHA512

da61bf8307ed1103830b56e039be8c3637a57568859f4304547bf472ed52b47a6b648359bc3464eac78afd828f1eb2a481fa7815421bf6a662214a68a24da95f
SSDEEP

3072:stQML3vRsnqYmK2JSsrhvgqnz9QWusnbuuuK2Pv4llMiSjXWsP2ml:stlLfJM23SE9tnburK2Pv6lMiS7x2S

Score

10^/10

redline lux3 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes

auth_value
e94dff9a76da90d6b000642c4a52574b

Targets

- Target
  
  06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f.exe
- Size
  
  304KB
- MD5
  
  cbe8af1bd5f5737ee10311bf3b2009c4
- SHA1
  
  1dcd3aa218231f7a76db330c39abaf56d35a0c26
- SHA256
  
  06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f
- SHA512
  
  4e3e0337c6de5d0be5514266fbedfeb577d3c684277e2d2692ad73a459fee4695479f383697e517eab9dd24f9fe7692e4d84813b12b2e843a79c2c4f0c4d4a16
- SSDEEP
  
  6144:DJiaQVtzlRba+Y0P0imtipjXkhoyXlVwXCcetePH:DJ4VN40ZXkhoyXlVwXCNePH
Score

10^/10

redline lux3 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelux3infostealerspyware

behavioral2

redlinelux3infostealerspyware