redline | d35e7b84acffc8961da9ba5b2c097f4861622118919e2a430bac6f4fbad1195e | Triage

Sharing

General

Target

file.exe
Size

710KB
Sample

230708-ty8brsfe26
MD5

17d3bf32699ba6983b3c807117eb155e
SHA1

9b58bc21e5fcd5cbc5fb228da5b7482386cda943
SHA256

d35e7b84acffc8961da9ba5b2c097f4861622118919e2a430bac6f4fbad1195e
SHA512

e6f2a893776b3f3b9aae812b47c93abdd9779fbf7d3a6a0c6e84832bbc2249f5c273895f22762bd6be56f0f929bc850bed7b46e49244a24d5133c8c8e8585f63
SSDEEP

12288:RV2wCVzg+gQS2LoVbHFAMpX5cg4uauifNmHNqXiZEf9pJn:HGNKFA0XyScXxTh

Score

10^/10

redline @ytlogsbot infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.9.85:16482

Attributes

auth_value
36b3ee30353ed1e6c1776af75fcfbc2c

Targets

- Target
  
  file.exe
- Size
  
  710KB
- MD5
  
  17d3bf32699ba6983b3c807117eb155e
- SHA1
  
  9b58bc21e5fcd5cbc5fb228da5b7482386cda943
- SHA256
  
  d35e7b84acffc8961da9ba5b2c097f4861622118919e2a430bac6f4fbad1195e
- SHA512
  
  e6f2a893776b3f3b9aae812b47c93abdd9779fbf7d3a6a0c6e84832bbc2249f5c273895f22762bd6be56f0f929bc850bed7b46e49244a24d5133c8c8e8585f63
- SSDEEP
  
  12288:RV2wCVzg+gQS2LoVbHFAMpX5cg4uauifNmHNqXiZEf9pJn:HGNKFA0XyScXxTh
Score

10^/10

redline @ytlogsbot infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@ytlogsbotinfostealerspyware

behavioral2

redline@ytlogsbotinfostealerspyware