General

  • Target

    1ec7c48618e54281657622c6af1c956ae39e5720c611f73c289fc221a757561d

  • Size

    2.4MB

  • Sample

    221101-kly3wshha7

  • MD5

    5c38cf2afc574656731239ebf58df70c

  • SHA1

    65b14424dca0f422344bbbaef993b0111873f72e

  • SHA256

    1ec7c48618e54281657622c6af1c956ae39e5720c611f73c289fc221a757561d

  • SHA512

    9f44df27a7dcee5609df75ace40919a889a91609e13115c0c17acad685948127aa62867b8aa7b660f88cc6ed54330fd90a7e02cbef8cf83ec7c7c203f75c00a4

  • SSDEEP

    24576:vG7+YgYx8n9aAMeqoXDrxoThea+IIYFJPl5qeYwEPLEENwul3RuQ55313k:vGo/u1IYjt5qeYwEPwE1l3K

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @netisabuser

  • C2

    5.182.36.101:31305

  • Attributes

    auth_value: de8ab5cc47e62d1870dbcb6ac44c9bb2

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext
