redline | 700985f7c1ac041e2ba3762046f248e88a1d6d96ee043ff45fe83fdc8b5f01bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

1.1MB
Sample

230919-vl2twsag3x
MD5

05aea4b0f343f156b1ccf2903e78c64c
SHA1

e7e3efe9ea840970736db7c60b43dea1cd31e0d0
SHA256

700985f7c1ac041e2ba3762046f248e88a1d6d96ee043ff45fe83fdc8b5f01bb
SHA512

b5773cc9e036f861c629634e034e3a9eec270d2c2dba98bc8ccf98863dceb51b95b2b331ad65e3f8be845871578343fd8756606e46d52d7e028d6dac26721653
SSDEEP

12288:mwsj+N2dA1o49i4ytPZR5QZVfn5TjzorNHK4kIubL0igcH0W4uPlweAdLCAM:psj02dA1h9i4ytQVl3hHzlwYAM

Score

10^/10

redline smokiez infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes

auth_value
7b7d8a036038ab89b98f422d559b4f8f

Targets

- Target
  
  file
- Size
  
  1.1MB
- MD5
  
  05aea4b0f343f156b1ccf2903e78c64c
- SHA1
  
  e7e3efe9ea840970736db7c60b43dea1cd31e0d0
- SHA256
  
  700985f7c1ac041e2ba3762046f248e88a1d6d96ee043ff45fe83fdc8b5f01bb
- SHA512
  
  b5773cc9e036f861c629634e034e3a9eec270d2c2dba98bc8ccf98863dceb51b95b2b331ad65e3f8be845871578343fd8756606e46d52d7e028d6dac26721653
- SSDEEP
  
  12288:mwsj+N2dA1o49i4ytPZR5QZVfn5TjzorNHK4kIubL0igcH0W4uPlweAdLCAM:psj02dA1h9i4ytQVl3hHzlwYAM
Score

10^/10

redline smokiez infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiezinfostealerspyware

behavioral2

redlinesmokiezinfostealerspyware