redline | d66083551f8ae90df7e5649b96d02551322707019c6721e59346341593baa6d3 | Triage

Sharing

General

Target

file.exe
Size

685KB
Sample

230718-pygrlaba6t
MD5

6611c346195622a1cd5edc04aa03faee
SHA1

e1277086b58032d9ced044966aaeff8597ed6127
SHA256

d66083551f8ae90df7e5649b96d02551322707019c6721e59346341593baa6d3
SHA512

19ded98e3c403dc367d3d86dc103cd20de1c95555ccf8fe0ea32cd7537c172db9d7b46786ac6488d4f201699a50d296a3bfd6c96f070a99ff73840b8aea214c6
SSDEEP

12288:gHlEtGp/N7yKB9UyTLrY1XzBlflu2qwC5Y75Uda/EwYbyaZ:OGGp/LrYdfxC5Y75UE7

Score

10^/10

redline cosmiccloud (https://cloudcosmic.store)infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

CosmicCloud (https://cloudcosmic.store)

C2

157.254.164.98:28449

Attributes

auth_value
dd6f6a88a2f6e474f5facc69ce29d130

Targets

- Target
  
  file.exe
- Size
  
  685KB
- MD5
  
  6611c346195622a1cd5edc04aa03faee
- SHA1
  
  e1277086b58032d9ced044966aaeff8597ed6127
- SHA256
  
  d66083551f8ae90df7e5649b96d02551322707019c6721e59346341593baa6d3
- SHA512
  
  19ded98e3c403dc367d3d86dc103cd20de1c95555ccf8fe0ea32cd7537c172db9d7b46786ac6488d4f201699a50d296a3bfd6c96f070a99ff73840b8aea214c6
- SSDEEP
  
  12288:gHlEtGp/N7yKB9UyTLrY1XzBlflu2qwC5Y75Uda/EwYbyaZ:OGGp/LrYdfxC5Y75UE7
Score

10^/10

redline cosmiccloud (https://cloudcosmic.store)infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecosmiccloud (https://cloudcosmic.store)infostealerspyware

behavioral2

redlinecosmiccloud (https://cloudcosmic.store)infostealerspyware