redline | 31c9d8b7973f90769d41b9c8c9b7ce69b87c890384b6fbf2f27499b28096f274 | Triage

Submit
Reports

Overview

overview

Static

static

apphost.exe

windows7_x64

apphost.exe

windows10-2004_x64

Sharing

General

Target

31c9d8b7973f90769d41b9c8c9b7ce69b87c890384b6fbf2f27499b28096f274
Size

694KB
Sample

220521-np2vqshbcj
MD5

61072e959487ed7a6d8af3df000383a2
SHA1

bb0baf882a4b80cdad105b636a28dc665d30ef34
SHA256

31c9d8b7973f90769d41b9c8c9b7ce69b87c890384b6fbf2f27499b28096f274
SHA512

dea4156c984bdf2c841f1fab5ce64249f1690a9ed00dffe5e98bc1a8f2e85649bcabc3575f04413e25dea96872a8aee9273e1a38af59f1bbc35f6e2ebcf26e58

Score

10^/10

redline seks coreentity infostealer rezer0

Static task

static1

Behavioral task

behavioral1

Sample

apphost.exe

Resource

win7-20220414-en

redline seks coreentity infostealer rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

apphost.exe

Resource

win10v2004-20220414-en

redline seks infostealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

seks

C2

45.153.229.9:80

Targets

- Target
  
  apphost.exe
- Size
  
  851KB
- MD5
  
  3537bace415d485bb0528309f957c4cb
- SHA1
  
  e438188ecf9b4624262983cb61d92476040304e4
- SHA256
  
  686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
- SHA512
  
  bf18cc15c180d2cde71554bf2504344434cd0d4df64dc445931cd02694469c267adbeb028b9e306b5fb340020fc73eb4fb579fb3094c5d59eec55061d5c958d5
Score

10^/10

redline seks coreentity infostealer rezer0
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesekscoreentityinfostealerrezer0

behavioral2

redlineseksinfostealer

© 2018-2024

Terms | Privacy