redline | hxxps://disk[.]yandex[.]ru/d/ERPE36V3wkTV0g | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

https://disk.yandex....

windows10_x64

Sharing

General

Target

https://disk.yandex.ru/d/ERPE36V3wkTV0g
Sample

211021-pzlryabbep

Score

10^/10

redline 832304211 infostealer

Static task

static1

URLScan task

urlscan1

Sample

https://disk.yandex.ru/d/ERPE36V3wkTV0g

Behavioral task

behavioral1

Sample

https://disk.yandex.ru/d/ERPE36V3wkTV0g

Resource

win10-en-20210920

redline 832304211 infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

832304211

C2

94.26.248.120:63731

Targets

- Target
  
  https://disk.yandex.ru/d/ERPE36V3wkTV0g
Score

10^/10

redline 832304211 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

redline832304211infostealer

© 2018-2024

Terms | Privacy