redline | 0b54139c8390fdeb69ebeca0f9f094de8d28c4e89f9b0f2fb83ba1a9a0fd03ce | Triage

Sharing

General

Target

file
Size

824KB
Sample

230824-wk5ptsgb3w
MD5

df5019ae9db759be6c5422413d699bd0
SHA1

4478ea13a936ac754146427595f790c76d1dc8bb
SHA256

0b54139c8390fdeb69ebeca0f9f094de8d28c4e89f9b0f2fb83ba1a9a0fd03ce
SHA512

0ba1826a70439ad4fedf9ed35986c705eb4425c9845dc5c1b55d585ccf89648debea7e37c42b57ef6ca12e2ce24c5d6d9988a5f66b54c9923137341c40e9c1db
SSDEEP

24576:92epjK5U1a2vjevHHunpE5GAfrMb9pOP1sCO2eic7:h5a2vjevHHuKJrMo1b47

Score

10^/10

redline smokiez_1 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez_1

C2

194.169.175.232:45450

Attributes

auth_value
e49d5cc41e562b8a51ac9deafefa34b5

Targets

- Target
  
  file
- Size
  
  824KB
- MD5
  
  df5019ae9db759be6c5422413d699bd0
- SHA1
  
  4478ea13a936ac754146427595f790c76d1dc8bb
- SHA256
  
  0b54139c8390fdeb69ebeca0f9f094de8d28c4e89f9b0f2fb83ba1a9a0fd03ce
- SHA512
  
  0ba1826a70439ad4fedf9ed35986c705eb4425c9845dc5c1b55d585ccf89648debea7e37c42b57ef6ca12e2ce24c5d6d9988a5f66b54c9923137341c40e9c1db
- SSDEEP
  
  24576:92epjK5U1a2vjevHHunpE5GAfrMb9pOP1sCO2eic7:h5a2vjevHHuKJrMo1b47
Score

10^/10

redline smokiez_1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiez_1infostealerspyware

behavioral2

redlinesmokiez_1infostealerspyware