redline | 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b | Triage

Submit
Reports

Overview

overview

Static

static

686a4b97ac...3b.exe

windows7_x64

686a4b97ac...3b.exe

windows10-2004_x64

Sharing

General

Target

686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
Size

851KB
Sample

220521-npy4vaeaa7
MD5

3537bace415d485bb0528309f957c4cb
SHA1

e438188ecf9b4624262983cb61d92476040304e4
SHA256

686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
SHA512

bf18cc15c180d2cde71554bf2504344434cd0d4df64dc445931cd02694469c267adbeb028b9e306b5fb340020fc73eb4fb579fb3094c5d59eec55061d5c958d5

Score

10^/10

redline seks coreentity infostealer rezer0

Static task

static1

Behavioral task

behavioral1

Sample

686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b.exe

Resource

win7-20220414-en

redline seks coreentity infostealer rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b.exe

Resource

win10v2004-20220414-en

redline seks infostealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

seks

C2

45.153.229.9:80

Targets

- Target
  
  686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
- Size
  
  851KB
- MD5
  
  3537bace415d485bb0528309f957c4cb
- SHA1
  
  e438188ecf9b4624262983cb61d92476040304e4
- SHA256
  
  686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
- SHA512
  
  bf18cc15c180d2cde71554bf2504344434cd0d4df64dc445931cd02694469c267adbeb028b9e306b5fb340020fc73eb4fb579fb3094c5d59eec55061d5c958d5
Score

10^/10

redline seks coreentity infostealer rezer0
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesekscoreentityinfostealerrezer0

behavioral2

redlineseksinfostealer

© 2018-2024

Terms | Privacy