redline | 4215352824a635ba671af9c6e265b99ea2a6aca8af16351ec9befa9c6fc5df0f | Triage

Sharing

General

Target

file.exe
Size

405KB
Sample

230917-2esqzada6y
MD5

def3d157679830bbceb2eee7ba377074
SHA1

233d5e97dee1333b401e8da54842fc3010ae91fe
SHA256

4215352824a635ba671af9c6e265b99ea2a6aca8af16351ec9befa9c6fc5df0f
SHA512

324486e8a98cd7c56b7c16ea6660a0d41d04f93f29c46a975a1f3f417a55cfc4a04731d59471ae6161afb2c7dee7b6095167669a45dd485b3ff28d0598212b3d
SSDEEP

6144:UAvJm09zORs+z/TMify9DAOtoQ09itN7IkTGx/a0v9N9aHb0E85:UQw09CK5NMYDTGxiG9k85

Score

10^/10

redline smokiez infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes

auth_value
7b7d8a036038ab89b98f422d559b4f8f

Targets

- Target
  
  file.exe
- Size
  
  405KB
- MD5
  
  def3d157679830bbceb2eee7ba377074
- SHA1
  
  233d5e97dee1333b401e8da54842fc3010ae91fe
- SHA256
  
  4215352824a635ba671af9c6e265b99ea2a6aca8af16351ec9befa9c6fc5df0f
- SHA512
  
  324486e8a98cd7c56b7c16ea6660a0d41d04f93f29c46a975a1f3f417a55cfc4a04731d59471ae6161afb2c7dee7b6095167669a45dd485b3ff28d0598212b3d
- SSDEEP
  
  6144:UAvJm09zORs+z/TMify9DAOtoQ09itN7IkTGx/a0v9N9aHb0E85:UQw09CK5NMYDTGxiG9k85
Score

10^/10

redline smokiez infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiezinfostealerspyware

behavioral2

redlinesmokiezinfostealerspyware