95029e00a50b60c370c4fcdc60cb0b6d

General

  Target: 95029e00a50b60c370c4fcdc60cb0b6d
  Size: 656KB
  Sample: 211021-s37qcsbdbl
  Score: 10/10
  MD5: 95029e00a50b60c370c4fcdc60cb0b6d
  SHA1: c4d156c2f55fae1cc834e5f0a455d7804dc005eb
  SHA256: 46364afc53eb092dd409e8b31aa2bac984388678baef9154a8dac3d2aee58bfd
  SHA512: 8fa4ddc75198894f8e6bffef5331b3b98c759cdc6ee60333d66db5084b0b16981d9d7f20ec41c0988152275c33853ab31882648be4ea7f3b332d591ef634ae60

Malware Config

  Extracted
    Family: redline
    Botnet: itit
    C2: 185.213.211.110:35105

Targets

  Target: 95029e00a50b60c370c4fcdc60cb0b6d
  MD5: 95029e00a50b60c370c4fcdc60cb0b6d
  Filesize: 656KB
  Score: 10/10
  SHA1: c4d156c2f55fae1cc834e5f0a455d7804dc005eb
  SHA256: 46364afc53eb092dd409e8b31aa2bac984388678baef9154a8dac3d2aee58bfd
  SHA512: 8fa4ddc75198894f8e6bffef5331b3b98c759cdc6ee60333d66db5084b0b16981d9d7f20ec41c0988152275c33853ab31882648be4ea7f3b332d591ef634ae60
  Tags: (none listed)

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    Tags: (none listed)

  • RedLine Payload

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  Tactic columns shown (no techniques listed in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10