redline | 74a6a15afc7a6a02b766a4cac3a5043a3bc211c8654547f5eb6fbbc139be3d01 | Triage

Sharing

General

Target

74a6a15afc7a6a02b766a4cac3a5043a3bc211c8654547f5eb6fbbc139be3d01
Size

239KB
Sample

230903-1wx7cacc8v
MD5

63fa63eb20daee310f807a45a34fdfb8
SHA1

7b763bc87f5414efadfdf534a823104653304471
SHA256

74a6a15afc7a6a02b766a4cac3a5043a3bc211c8654547f5eb6fbbc139be3d01
SHA512

405ac65096c7ac3108a32a6e909409a1be70f1d9e68c48a3ea8750d16944c96ac29f1ebd55388dc6f462d8f375f6dd2e68dced315872d10c2ca7f9effce88aef
SSDEEP

3072:Gh86vNdE6kRg2jyEA0mTyvZkvKFQgb3AxyXcvsxLOJ1z9UH0jW0uavwD:M8QE6kRgEdBXPAIsEI1zmH0jW0nvwD

Score

10^/10

redline lux3 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes

auth_value
e94dff9a76da90d6b000642c4a52574b

Targets

- Target
  
  74a6a15afc7a6a02b766a4cac3a5043a3bc211c8654547f5eb6fbbc139be3d01
- Size
  
  239KB
- MD5
  
  63fa63eb20daee310f807a45a34fdfb8
- SHA1
  
  7b763bc87f5414efadfdf534a823104653304471
- SHA256
  
  74a6a15afc7a6a02b766a4cac3a5043a3bc211c8654547f5eb6fbbc139be3d01
- SHA512
  
  405ac65096c7ac3108a32a6e909409a1be70f1d9e68c48a3ea8750d16944c96ac29f1ebd55388dc6f462d8f375f6dd2e68dced315872d10c2ca7f9effce88aef
- SSDEEP
  
  3072:Gh86vNdE6kRg2jyEA0mTyvZkvKFQgb3AxyXcvsxLOJ1z9UH0jW0uavwD:M8QE6kRgEdBXPAIsEI1zmH0jW0nvwD
Score

10^/10

redline lux3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelux3discoveryinfostealerspywarestealer

behavioral2

redlinelux3discoveryinfostealerspywarestealer