redline | cbc0c2f6362096bbbc94ad223922b3c9749e41d0f52697e145ae0b9227ef4c05 | Triage

Sharing

General

Target

cbc0c2f6362096bbbc94ad223922b3c9749e41d0f52697e145ae0b9227ef4c05
Size

16.3MB
Sample

231112-jacvvadg87
MD5

5a621806b34213bcb95a5f6cf5f96fb1
SHA1

8ee5da6d7409f329a9a92111c1a142874ff22153
SHA256

cbc0c2f6362096bbbc94ad223922b3c9749e41d0f52697e145ae0b9227ef4c05
SHA512

ecbe30c14edb322e0ef885a6191031439dec401a1b02e8076b1d21b7d60fc649bf2ab5e593f12e8ba301a22f5cab19c2d67e4fcf45d22bf9030c5fbafa915191
SSDEEP

98304:kWMY+1U8qGJhyETvtu9nC68tALE1GGut5oKQE/8h85pYS/GM2EVTu:kWC1aG73Nl1GGg5bp/iEpvRT

Score

10^/10

redline yt&team cloud infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

YT&TEAM CLOUD

C2

194.169.175.235:42691

Targets

- Target
  
  cbc0c2f6362096bbbc94ad223922b3c9749e41d0f52697e145ae0b9227ef4c05
- Size
  
  16.3MB
- MD5
  
  5a621806b34213bcb95a5f6cf5f96fb1
- SHA1
  
  8ee5da6d7409f329a9a92111c1a142874ff22153
- SHA256
  
  cbc0c2f6362096bbbc94ad223922b3c9749e41d0f52697e145ae0b9227ef4c05
- SHA512
  
  ecbe30c14edb322e0ef885a6191031439dec401a1b02e8076b1d21b7d60fc649bf2ab5e593f12e8ba301a22f5cab19c2d67e4fcf45d22bf9030c5fbafa915191
- SSDEEP
  
  98304:kWMY+1U8qGJhyETvtu9nC68tALE1GGut5oKQE/8h85pYS/GM2EVTu:kWC1aG73Nl1GGg5bp/iEpvRT
Score

10^/10

redline yt&team cloud infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineyt&team cloudinfostealerspyware