redline | 6cb286357b8a941afc3a992394e5d44ad00a8410593b182f962619ef506c835e | Triage

Sharing

General

Target

extremeinjectorv3.7.2.exe
Size

1018KB
Sample

210403-8j7qxf1122
MD5

89a392f9f9724a91263257a46d48daa9
SHA1

1d172b4b0188a5215f5a0666564ce092fd08833b
SHA256

6cb286357b8a941afc3a992394e5d44ad00a8410593b182f962619ef506c835e
SHA512

eb158d2f28d91ac3a8e90003c45041660f6be5b3c25bfa9bb8243e15a7cdd29f8ec90463cf1810371485dc7199c334b93bcf72f9f7a1d25b02bdadb9fb0467dd

Score

10^/10

redline @domen777 infostealer

Malware Config

Extracted

Family

redline

Botnet

@DOMEN777

C2

87.251.71.211:80

Targets

- Target
  
  extremeinjectorv3.7.2.exe
- Size
  
  1018KB
- MD5
  
  89a392f9f9724a91263257a46d48daa9
- SHA1
  
  1d172b4b0188a5215f5a0666564ce092fd08833b
- SHA256
  
  6cb286357b8a941afc3a992394e5d44ad00a8410593b182f962619ef506c835e
- SHA512
  
  eb158d2f28d91ac3a8e90003c45041660f6be5b3c25bfa9bb8243e15a7cdd29f8ec90463cf1810371485dc7199c334b93bcf72f9f7a1d25b02bdadb9fb0467dd
Score

10^/10

redline @domen777 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@domen777infostealer

behavioral2

redline@domen777infostealer