redline | 23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318
Size

2.4MB
Sample

221101-knnd6shhc9
MD5

8d73bd6de1591619bba27542933ee911
SHA1

00e5657de6feb4bfee3489e564d9605da5f3202e
SHA256

23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318
SHA512

118892feb5c5b6aeb2bd7881492fb23bbf509a96e067907931231799ad703362531f34192fef6507ceeab0521ef8e3ec96c8c8e901ee7b77b5e00f2e3b5f4374
SSDEEP

24576:J3ZIOaY2Ytzmq4mMdmo6erlHa16JNotj2PV4o5iY3CBLHLKKOmZUl3RuQ55313T:pZICslNotKdViY3CBLH8l3p

Score

10^/10

redline @foruman infostealer

Static task

static1

Behavioral task

behavioral1

Sample

23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318.exe

Resource

win7-20220901-en

redline @foruman infostealer

windows7-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318.exe

Resource

win10-20220812-en

redline @foruman infostealer

windows10-1703-x64

4 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

@foruman

C2

185.106.92.226:40788

Attributes

auth_value
bd15c39173a26033961a0c806b2b4684

Targets

- Target
  
  23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318
- Size
  
  2.4MB
- MD5
  
  8d73bd6de1591619bba27542933ee911
- SHA1
  
  00e5657de6feb4bfee3489e564d9605da5f3202e
- SHA256
  
  23522fc8df71c90aa1264da8540de72d3d569c12fafd6da9be7af11c4f97d318
- SHA512
  
  118892feb5c5b6aeb2bd7881492fb23bbf509a96e067907931231799ad703362531f34192fef6507ceeab0521ef8e3ec96c8c8e901ee7b77b5e00f2e3b5f4374
- SSDEEP
  
  24576:J3ZIOaY2Ytzmq4mMdmo6erlHa16JNotj2PV4o5iY3CBLHLKKOmZUl3RuQ55313T:pZICslNotKdViY3CBLH8l3p
Score

10^/10

redline @foruman infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redline@forumaninfostealer

behavioral2

redline@forumaninfostealer

© 2018-2024

Terms | Privacy