redline | d01fe3dbc995e4b5b209631e5ae30b792d88a78676f695127f8a5db9bf59b48c | Triage

Sharing

General

Target

d01fe3dbc995e4b5b209631e5ae30b792d88a78676f695127f8a5db9bf59b48c
Size

3.2MB
Sample

240704-2p931atelp
MD5

e671a39ffdad8e262a45ef77d97a14f4
SHA1

d451ad059bf52c22ff5de8ed7968991bbc169828
SHA256

d01fe3dbc995e4b5b209631e5ae30b792d88a78676f695127f8a5db9bf59b48c
SHA512

1352b04ffd300060e9abcc2880e53c4957a2b128b006603a20a08793a57b766b6579f5c53325b3fccc57db660fb7f14b93b7259e9fd0e1f2a78c53be026f3a20
SSDEEP

49152:27vtm1geO0RDX0/BxBL6V2nM5PsKGPGatU8H+f7z0VBeNPswBr:27VmdOMeBvLa2nVKG+aZ20BSP3

Score

10^/10

redline yt&team cloud discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

YT&TEAM CLOUD

C2

185.172.128.33:8970

Targets

- Target
  
  d01fe3dbc995e4b5b209631e5ae30b792d88a78676f695127f8a5db9bf59b48c
- Size
  
  3.2MB
- MD5
  
  e671a39ffdad8e262a45ef77d97a14f4
- SHA1
  
  d451ad059bf52c22ff5de8ed7968991bbc169828
- SHA256
  
  d01fe3dbc995e4b5b209631e5ae30b792d88a78676f695127f8a5db9bf59b48c
- SHA512
  
  1352b04ffd300060e9abcc2880e53c4957a2b128b006603a20a08793a57b766b6579f5c53325b3fccc57db660fb7f14b93b7259e9fd0e1f2a78c53be026f3a20
- SSDEEP
  
  49152:27vtm1geO0RDX0/BxBL6V2nM5PsKGPGatU8H+f7z0VBeNPswBr:27VmdOMeBvLa2nVKG+aZ20BSP3
Score

10^/10

redline yt&team cloud discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineyt&team clouddiscoveryinfostealerspywarestealer

behavioral2

redlineyt&team clouddiscoveryinfostealerspywarestealer