Overview

overview

10

Static

static

1

eb207112f1...24.exe

windows7_x64

8

eb207112f1...24.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb207112f14ba9ba8bd62500f5a10f07a15af70d6c4fbc1d6ee0b9e14b685c24

  • Size

    1024KB

  • Sample

    220524-s8z8gagea9

  • MD5

    77754f3a52aa773c9d3a7800e6ef5175

  • SHA1

    35b044fd8435b6a886f5ad69938b4d5f60c92069

  • SHA256

    eb207112f14ba9ba8bd62500f5a10f07a15af70d6c4fbc1d6ee0b9e14b685c24

  • SHA512

    14a3d73698ea2872508e9ed2fcc62aea016a56da096bd5b24cfed3e85ccf771c794a69bdabf48c26d6f1eddb34be04883ad7099a14b60ec36cb879968717d128

Score
10/10
redline10infostealer

Malware Config

Extracted

Family

redline

Botnet

10

C2

195.161.41.203:80

Targets

    • Target

      eb207112f14ba9ba8bd62500f5a10f07a15af70d6c4fbc1d6ee0b9e14b685c24

    • Size

      1024KB

    • MD5

      77754f3a52aa773c9d3a7800e6ef5175

    • SHA1

      35b044fd8435b6a886f5ad69938b4d5f60c92069

    • SHA256

      eb207112f14ba9ba8bd62500f5a10f07a15af70d6c4fbc1d6ee0b9e14b685c24

    • SHA512

      14a3d73698ea2872508e9ed2fcc62aea016a56da096bd5b24cfed3e85ccf771c794a69bdabf48c26d6f1eddb34be04883ad7099a14b60ec36cb879968717d128

    Score
    10/10
    redline10infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks