redline | ea63340c1c1914c476b780cf79e8189c9aa1b38ff6b406f66a3fc630799cb911 | Triage

Sharing

General

Target

ea63340c1c1914c476b780cf79e8189c9aa1b38ff6b406f66a3fc630799cb911
Size

405KB
Sample

230918-st8lasab9x
MD5

ae2d696509b2d0c96f6f4d117928eac8
SHA1

776a2e2ddbd800feeec5b36d1ee34192275e9a58
SHA256

ea63340c1c1914c476b780cf79e8189c9aa1b38ff6b406f66a3fc630799cb911
SHA512

1ded6b18879dcb131829918f92329a4db3558b8b8562aead361d56be8c70638df69aabb46cbffeea51b5ec2f8f8d93803a64d71e9df80c13a8af3f6c65029af4
SSDEEP

6144:WbvJm09zORs+z/TMify9DAOboQwDIL4lfyuVhKoPdRkAL285:W7w09CK5NCnIEQujKE685

Score

10^/10

redline smokiez infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes

auth_value
7b7d8a036038ab89b98f422d559b4f8f

Targets

- Target
  
  ea63340c1c1914c476b780cf79e8189c9aa1b38ff6b406f66a3fc630799cb911
- Size
  
  405KB
- MD5
  
  ae2d696509b2d0c96f6f4d117928eac8
- SHA1
  
  776a2e2ddbd800feeec5b36d1ee34192275e9a58
- SHA256
  
  ea63340c1c1914c476b780cf79e8189c9aa1b38ff6b406f66a3fc630799cb911
- SHA512
  
  1ded6b18879dcb131829918f92329a4db3558b8b8562aead361d56be8c70638df69aabb46cbffeea51b5ec2f8f8d93803a64d71e9df80c13a8af3f6c65029af4
- SSDEEP
  
  6144:WbvJm09zORs+z/TMify9DAOboQwDIL4lfyuVhKoPdRkAL285:W7w09CK5NCnIEQujKE685
Score

10^/10

redline smokiez infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiezinfostealerspyware