redline | f6706aafbeb4e8e10478bb1fd5b171e2f7f13399416344aba46233593e6f5d69 | Triage

Submit
Reports

Overview

overview

Static

static

ROR.exe

windows7-x64

ROR.exe

windows10-2004-x64

Resubmissions

11-11-2022 23:07

221111-236mqsfc7v 10

11-11-2022 22:52

221111-2tw2yafb91 10

Sharing

General

Target

ROR.exe
Size

1.7MB
Sample

221111-236mqsfc7v
MD5

85ea4565608d2f6c35decb6ed8547749
SHA1

e15ae6c93c9e998b030609fdf4b3274925694229
SHA256

f6706aafbeb4e8e10478bb1fd5b171e2f7f13399416344aba46233593e6f5d69
SHA512

762b5e5293067c484ca54fa297f5770217275a7594083b64b15ed65955f64ba158bbf58a7713419c2dc15d265a7bf8c85b4f11c8fd27e62ba21f429493df4dd5
SSDEEP

24576:WVCrlD3LeNOUaHfxaBXjVId3tgErJsF36RYioPHdo/SQE9AoA5:Wut0jaH5gkxdsF3TPdo/rE9AP

Score

10^/10

redline @noxycloud infostealer

Static task

static1

Behavioral task

behavioral1

Sample

ROR.exe

Resource

win7-20220812-en

redline @noxycloud infostealer

windows7-x64

5 signatures

120 seconds

Behavioral task

behavioral2

Sample

ROR.exe

Resource

win10v2004-20220812-en

redline @noxycloud infostealer

windows10-2004-x64

5 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

@NoxyCloud

C2

85.192.63.57:34210

Attributes

auth_value
20dc074852db65a2b74addf964cf576e

Targets

- Target
  
  ROR.exe
- Size
  
  1.7MB
- MD5
  
  85ea4565608d2f6c35decb6ed8547749
- SHA1
  
  e15ae6c93c9e998b030609fdf4b3274925694229
- SHA256
  
  f6706aafbeb4e8e10478bb1fd5b171e2f7f13399416344aba46233593e6f5d69
- SHA512
  
  762b5e5293067c484ca54fa297f5770217275a7594083b64b15ed65955f64ba158bbf58a7713419c2dc15d265a7bf8c85b4f11c8fd27e62ba21f429493df4dd5
- SSDEEP
  
  24576:WVCrlD3LeNOUaHfxaBXjVId3tgErJsF36RYioPHdo/SQE9AoA5:Wut0jaH5gkxdsF3TPdo/rE9AP
Score

10^/10

redline @noxycloud infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redline@noxycloudinfostealer

behavioral2

redline@noxycloudinfostealer

© 2018-2024

Terms | Privacy