redline | a7df64ebd5e654fce4e6d9a8dbdb08866488a54d3e8143f8f77c0ec5ad5fb746 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7df64ebd5e654fce4e6d9a8dbdb08866488a54d3e8143f8f77c0ec5ad5fb746
Size

217KB
Sample

221125-kwweraeh35
MD5

de397dbce2938d73b613d5f507abd829
SHA1

3014fa23bd15b85c14edd0fb33a210efde2603b2
SHA256

a7df64ebd5e654fce4e6d9a8dbdb08866488a54d3e8143f8f77c0ec5ad5fb746
SHA512

eef811fe82b622bd259788ec2bc9c2ebf128d0f1dc55d28361a86a44f44a3c8b97db8bf1abfaa57053f3c2bfdeef5b8e499b9e5f13283dbe5d9e06403e1e5f55
SSDEEP

3072:s6dC33HeGzjm5y64Vi5yztrgnsXHLKXveE5ofyinY9gjxJep8Ez/hx0pjQkTruoy:lA33eGOeFgWefBiY9gjxgv0pkkLx

Score

10^/10

redline @madboyza infostealer

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

auth_value
9bfce7bfb110f8f53d96c7a32c655358

Targets

- Target
  
  a7df64ebd5e654fce4e6d9a8dbdb08866488a54d3e8143f8f77c0ec5ad5fb746
- Size
  
  217KB
- MD5
  
  de397dbce2938d73b613d5f507abd829
- SHA1
  
  3014fa23bd15b85c14edd0fb33a210efde2603b2
- SHA256
  
  a7df64ebd5e654fce4e6d9a8dbdb08866488a54d3e8143f8f77c0ec5ad5fb746
- SHA512
  
  eef811fe82b622bd259788ec2bc9c2ebf128d0f1dc55d28361a86a44f44a3c8b97db8bf1abfaa57053f3c2bfdeef5b8e499b9e5f13283dbe5d9e06403e1e5f55
- SSDEEP
  
  3072:s6dC33HeGzjm5y64Vi5yztrgnsXHLKXveE5ofyinY9gjxJep8Ez/hx0pjQkTruoy:lA33eGOeFgWefBiY9gjxgv0pkkLx
Score

10^/10

redline @madboyza infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@madboyzainfostealer