redline | 404f2d2629f40e85a44f73a6e75ea8ead6d34b0a5e1eb3af4a9972985b517fac | Triage

Sharing

General

Target

404f2d2629f40e85a44f73a6e75ea8ead6d34b0a5e1eb3af4a9972985b517fac
Size

15.5MB
Sample

231105-p4jhdagh64
MD5

43dd43083bf57daf439d6aafc84bb1f2
SHA1

b71f215b2bda432d40c542b0ddf2a6d3920a236b
SHA256

404f2d2629f40e85a44f73a6e75ea8ead6d34b0a5e1eb3af4a9972985b517fac
SHA512

167c52bc7a590895a3565699a05e681af7e9e2be4af0fb777d03a5112bb425d08145a7955fd26922c2fdc3410e2af814351a5de01545724356cbe8f11afb7580
SSDEEP

98304:OcO2xKWhq+01YwnP31dTYoQ0dHc6bqJO:Off/0oQA86bp

Score

10^/10

redline yt&team cloud infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

YT&TEAM CLOUD

C2

194.169.175.235:42691

Targets

- Target
  
  404f2d2629f40e85a44f73a6e75ea8ead6d34b0a5e1eb3af4a9972985b517fac
- Size
  
  15.5MB
- MD5
  
  43dd43083bf57daf439d6aafc84bb1f2
- SHA1
  
  b71f215b2bda432d40c542b0ddf2a6d3920a236b
- SHA256
  
  404f2d2629f40e85a44f73a6e75ea8ead6d34b0a5e1eb3af4a9972985b517fac
- SHA512
  
  167c52bc7a590895a3565699a05e681af7e9e2be4af0fb777d03a5112bb425d08145a7955fd26922c2fdc3410e2af814351a5de01545724356cbe8f11afb7580
- SSDEEP
  
  98304:OcO2xKWhq+01YwnP31dTYoQ0dHc6bqJO:Off/0oQA86bp
Score

10^/10

redline yt&team cloud infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineyt&team cloudinfostealerspyware