redline | 4af55a79245502d5996bc221af187ae7d92d8ce9ae4f0474bc955ab19429b608 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

630KB
Sample

230716-z3atysgg43
MD5

9830adb8f1e433cd9e882a0a95f8fd32
SHA1

a18e4578a7769ba48d634b03451d821e3deaedf2
SHA256

4af55a79245502d5996bc221af187ae7d92d8ce9ae4f0474bc955ab19429b608
SHA512

7caa94a825110e408adff297171efaea2c66c53ce25307fa126a5929add508090d83256bf5f8d0a9469416a04f3a4366c58c972b5b969d364ac8f72a909b514d
SSDEEP

12288:F30e+2Z//7yKB9UyTLrY1X6ql6Au2qwLF1UxdxiRGKPU72A3CZ:F42Z/JrYr6yLF6xdxiRGKPUSA3

Score

10^/10

redline @ytlogsbot infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.9.85:16482

Attributes

auth_value
36b3ee30353ed1e6c1776af75fcfbc2c

Targets

- Target
  
  file.exe
- Size
  
  630KB
- MD5
  
  9830adb8f1e433cd9e882a0a95f8fd32
- SHA1
  
  a18e4578a7769ba48d634b03451d821e3deaedf2
- SHA256
  
  4af55a79245502d5996bc221af187ae7d92d8ce9ae4f0474bc955ab19429b608
- SHA512
  
  7caa94a825110e408adff297171efaea2c66c53ce25307fa126a5929add508090d83256bf5f8d0a9469416a04f3a4366c58c972b5b969d364ac8f72a909b514d
- SSDEEP
  
  12288:F30e+2Z//7yKB9UyTLrY1X6ql6Au2qwLF1UxdxiRGKPU72A3CZ:F42Z/JrYr6yLF6xdxiRGKPUSA3
Score

10^/10

redline @ytlogsbot infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@ytlogsbotinfostealerspyware

behavioral2

redline@ytlogsbotinfostealerspyware