redline | 0e2d4edb43a6e1c32702a7a63771aa1af3f56966294eacb41de0e76f6e73abea | Triage

Sharing

General

Target

file.exe
Size

680KB
Sample

230716-zze99shf3s
MD5

3d579967bd0dec621aaacbf89c2157e1
SHA1

46b1c22a0bf32a6a4be9cce0b9200d80854000b5
SHA256

0e2d4edb43a6e1c32702a7a63771aa1af3f56966294eacb41de0e76f6e73abea
SHA512

d174fdd88d56cc85b34d27b4e9a80b5fe7c77a67fcbb3d6bed3d155cf2d3a7e3ca397db20995bddca448d90836b02df0779602f571f1abd467d6d0f8c0412b81
SSDEEP

12288:U/FMd2Z/ZyKB9UyTLrY1XLIcVNu2qg4OFSq76XZ:au2Z/7rYbVJ4O/6

Score

10^/10

redline lux3 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes

auth_value
e94dff9a76da90d6b000642c4a52574b

Targets

- Target
  
  file.exe
- Size
  
  680KB
- MD5
  
  3d579967bd0dec621aaacbf89c2157e1
- SHA1
  
  46b1c22a0bf32a6a4be9cce0b9200d80854000b5
- SHA256
  
  0e2d4edb43a6e1c32702a7a63771aa1af3f56966294eacb41de0e76f6e73abea
- SHA512
  
  d174fdd88d56cc85b34d27b4e9a80b5fe7c77a67fcbb3d6bed3d155cf2d3a7e3ca397db20995bddca448d90836b02df0779602f571f1abd467d6d0f8c0412b81
- SSDEEP
  
  12288:U/FMd2Z/ZyKB9UyTLrY1XLIcVNu2qg4OFSq76XZ:au2Z/7rYbVJ4O/6
Score

10^/10

redline lux3 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux3infostealerspyware

behavioral2

redlinelux3infostealerspyware