Overview

overview

10

Static

static

a0b9e82331...a0.exe

windows7_x64

10

a0b9e82331...a0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a0b9e8233184f431bb27bf239b7fc1a0.exe

  • Size

    819KB

  • Sample

    210926-vdd3vsfafl

  • MD5

    a0b9e8233184f431bb27bf239b7fc1a0

  • SHA1

    4b5e662b64a83e1bb22644085b2b88cc3f084360

  • SHA256

    1e31f411b06517388b7adbcc5bc918f3985d447f710aa9711926faf68d044f9a

  • SHA512

    3fbb0f6e0811dd2f21bf0e53095aacd6acdeae074ae97828e01b0518cc27e2af3cbdb4541f5f76dd5f3dca19631675ef1fcc171dc8f13903f0d922131a53e5b2

Score
10/10
redlineinfostealer

Malware Config

Extracted

Family

redline

C2

51.91.193.179:5048

Targets

    • Target

      a0b9e8233184f431bb27bf239b7fc1a0.exe

    • Size

      819KB

    • MD5

      a0b9e8233184f431bb27bf239b7fc1a0

    • SHA1

      4b5e662b64a83e1bb22644085b2b88cc3f084360

    • SHA256

      1e31f411b06517388b7adbcc5bc918f3985d447f710aa9711926faf68d044f9a

    • SHA512

      3fbb0f6e0811dd2f21bf0e53095aacd6acdeae074ae97828e01b0518cc27e2af3cbdb4541f5f76dd5f3dca19631675ef1fcc171dc8f13903f0d922131a53e5b2

    Score
    10/10
    redlineinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks