redline | 4a6233c912ff669059c5b9b3ab52e5d603033b3bd4f10f4eb50622d37c164242 | Triage

Sharing

General

Target

file
Size

702KB
Sample

230921-wn87esbg52
MD5

75b9806a4dcac3cd2db78ea61f4391e3
SHA1

d551e0dd927a240a757ccfcb0540d446eb60f59d
SHA256

4a6233c912ff669059c5b9b3ab52e5d603033b3bd4f10f4eb50622d37c164242
SHA512

bb4d106b62b21e68fbe6959b7b5dc00ac01116e96a1bc891b916a2f07a4adcba10513bbc57a2b7689b41508ea34584acb4424cad5e69d4e5b9b4778210bc773f
SSDEEP

12288:j2shISEAQgsPfg64uVQPTpxRFDKofu4vC:j2shIUQgsPfYpJS4a

Score

10^/10

redline smokiez infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes

auth_value
7b7d8a036038ab89b98f422d559b4f8f

Targets

- Target
  
  file
- Size
  
  702KB
- MD5
  
  75b9806a4dcac3cd2db78ea61f4391e3
- SHA1
  
  d551e0dd927a240a757ccfcb0540d446eb60f59d
- SHA256
  
  4a6233c912ff669059c5b9b3ab52e5d603033b3bd4f10f4eb50622d37c164242
- SHA512
  
  bb4d106b62b21e68fbe6959b7b5dc00ac01116e96a1bc891b916a2f07a4adcba10513bbc57a2b7689b41508ea34584acb4424cad5e69d4e5b9b4778210bc773f
- SSDEEP
  
  12288:j2shISEAQgsPfg64uVQPTpxRFDKofu4vC:j2shIUQgsPfYpJS4a
Score

10^/10

redline smokiez infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokiezinfostealerspyware

behavioral2

redlinesmokiezinfostealerspyware