redline | 5ee1f779588b294c68ede649cc88446fa5389e56ce17f2e27396c7de99fba122 | Triage

Sharing

General

Target

5ee1f779588b294c68ede649cc88446fa5389e56ce17f2e27396c7de99fba122
Size

239KB
Sample

230830-eex95ahe69
MD5

58cfa8e7c5abe950fe844849d3f563fa
SHA1

9478321ba6822e9cc5db1e7826897fd92b0078bd
SHA256

5ee1f779588b294c68ede649cc88446fa5389e56ce17f2e27396c7de99fba122
SHA512

c1aee27258d03470db36b70ad8fbcf0c5a8ad7d3773c5a3e1734dec4fcf6437a3f736d1c5970fe3777033465e0ce20826f27763d6a432e5981e249c077e8400c
SSDEEP

3072:G/ddE6e3goa8y0A0mTyvZkvKFQgb3AxyXcvsxLOJ1z9UH0jW0uavwD:G3E6e3gCdBXPAIsEI1zmH0jW0nvwD

Score

10^/10

redline lux3 infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes

auth_value
e94dff9a76da90d6b000642c4a52574b

Targets

- Target
  
  5ee1f779588b294c68ede649cc88446fa5389e56ce17f2e27396c7de99fba122
- Size
  
  239KB
- MD5
  
  58cfa8e7c5abe950fe844849d3f563fa
- SHA1
  
  9478321ba6822e9cc5db1e7826897fd92b0078bd
- SHA256
  
  5ee1f779588b294c68ede649cc88446fa5389e56ce17f2e27396c7de99fba122
- SHA512
  
  c1aee27258d03470db36b70ad8fbcf0c5a8ad7d3773c5a3e1734dec4fcf6437a3f736d1c5970fe3777033465e0ce20826f27763d6a432e5981e249c077e8400c
- SSDEEP
  
  3072:G/ddE6e3goa8y0A0mTyvZkvKFQgb3AxyXcvsxLOJ1z9UH0jW0uavwD:G3E6e3gCdBXPAIsEI1zmH0jW0nvwD
Score

10^/10

redline lux3 infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux3infostealerspywarestealer

behavioral2

redlinelux3infostealerspywarestealer