redline

Sharing

Copy URL

Twitter E-mail

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazA4VVlJdERhN3hZTnItTUN0eXNBQW8xR1dNZ3xBQ3Jtc0tuczIyTUcyR2pvNWZxVFhfOFVZQXAzMGJFSG1FRV9rWlF4WnozaUxyVWJZendLOGs1YWp3Nmszbl9TZmM1cTZ5RlJIN1RXSURzLXVHWVlEUS1TSnhveW5rc1VNX25qNGgxWnpqODlRSGtTblhLY3h6MA&q=https%3A%2F%2Ftinyurl.com%2F34mcs45p
Sample

240702-a83dqatfpk

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@tronzzz

94.228.166.68:80

Targets

- Target
  
  https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazA4VVlJdERhN3hZTnItTUN0eXNBQW8xR1dNZ3xBQ3Jtc0tuczIyTUcyR2pvNWZxVFhfOFVZQXAzMGJFSG1FRV9rWlF4WnozaUxyVWJZendLOGs1YWp3Nmszbl9TZmM1cTZ5RlJIN1RXSURzLXVHWVlEUS1TSnhveW5rc1VNX25qNGgxWnpqODlRSGtTblhLY3h6MA&q=https%3A%2F%2Ftinyurl.com%2F34mcs45p
Score

10^/10

redline @tronzzz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1