redline | 088c85e00396d248bbde1eb6d0cd625a93b855dafcad453a9b4cfa7298d9f737 | Triage

Sharing

General

Target

Launcher-pc.exe
Size

1.2MB
Sample

240527-cfwftadc66
MD5

11d011764d48e2f395773bab180886e0
SHA1

1ffb437b4372212a7b836cd2c7f74bdff081d0de
SHA256

088c85e00396d248bbde1eb6d0cd625a93b855dafcad453a9b4cfa7298d9f737
SHA512

ce88d6a477f372a520cfc11781fbe440e102d5b0a4b5222236559cc2f181b9e7d993b92b1ba034de6fdf6324c2d51dd1187009df7c7c6ee36ea16243dc3d6d03
SSDEEP

24576:E3rlRwC9QxcBk2JaEj/ysh8Zkq6wVXaF8D8Wgt3ghZ:E3r7Qx8k2JaEb1mkrw1NE3A

Score

10^/10

redline @lubitel_vina infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@lubitel_vina

C2

147.45.47.93:80

Targets

- Target
  
  Launcher-pc.exe
- Size
  
  1.2MB
- MD5
  
  11d011764d48e2f395773bab180886e0
- SHA1
  
  1ffb437b4372212a7b836cd2c7f74bdff081d0de
- SHA256
  
  088c85e00396d248bbde1eb6d0cd625a93b855dafcad453a9b4cfa7298d9f737
- SHA512
  
  ce88d6a477f372a520cfc11781fbe440e102d5b0a4b5222236559cc2f181b9e7d993b92b1ba034de6fdf6324c2d51dd1187009df7c7c6ee36ea16243dc3d6d03
- SSDEEP
  
  24576:E3rlRwC9QxcBk2JaEj/ysh8Zkq6wVXaF8D8Wgt3ghZ:E3r7Qx8k2JaEb1mkrw1NE3A
Score

10^/10

redline @lubitel_vina infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@lubitel_vinainfostealerspywarestealer