redline | 63cebbe380cf99272e0d8eb7a3ed9b84633a3eaa048484ab83019b570e711383 | Triage

Sharing

General

Target

file.exe
Size

1.0MB
Sample

230920-mwnq1sfg9t
MD5

c44085d4f410b0335bfd853629159a98
SHA1

6de766aca6eea98ddd1ac940c8110ef83c6df94b
SHA256

63cebbe380cf99272e0d8eb7a3ed9b84633a3eaa048484ab83019b570e711383
SHA512

2cbb0d64464c56fdaae34f77a2eb0f624b5ce7eb5c558d8d9104e1ae7d79f18bd1405bacca33737213ea37bc715c51629fd67a5ae3cea705f82800ea6f419d14
SSDEEP

12288:AsDd2dAHOvLBwvJ5ykrqJd0YSFYvtZ4tGxHXm0luGwGKblxzxDBA4Aa5ou:1J2dAHOvLBwvjYSIYkX4lfd75B

Score

10^/10

redline smokiez infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes

auth_value
7b7d8a036038ab89b98f422d559b4f8f

Targets

- Target
  
  file.exe
- Size
  
  1.0MB
- MD5
  
  c44085d4f410b0335bfd853629159a98
- SHA1
  
  6de766aca6eea98ddd1ac940c8110ef83c6df94b
- SHA256
  
  63cebbe380cf99272e0d8eb7a3ed9b84633a3eaa048484ab83019b570e711383
- SHA512
  
  2cbb0d64464c56fdaae34f77a2eb0f624b5ce7eb5c558d8d9104e1ae7d79f18bd1405bacca33737213ea37bc715c51629fd67a5ae3cea705f82800ea6f419d14
- SSDEEP
  
  12288:AsDd2dAHOvLBwvJ5ykrqJd0YSFYvtZ4tGxHXm0luGwGKblxzxDBA4Aa5ou:1J2dAHOvLBwvjYSIYkX4lfd75B
Score

10^/10

redline smokiez infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiezinfostealerspyware

behavioral2

redlinesmokiezinfostealerspyware