redline | 7b70b9f9483656e7b8ce1981fefd6dfe77cfd0d89b0826eb2c1ebabbf7d23a18 | Triage

Submit
Reports

Overview

overview

Static

static

C4Loader.exe

windows7-x64

C4Loader.exe

windows10-2004-x64

7

Sharing

General

Target

C4Loader.exe
Size

32KB
Sample

221126-3fzfksgc3y
MD5

1b0e1de4fc8c200d3ea4509b9937ff01
SHA1

2cd17bfc99d0675977ee0bbd0494ed2aaa96cb2a
SHA256

7b70b9f9483656e7b8ce1981fefd6dfe77cfd0d89b0826eb2c1ebabbf7d23a18
SHA512

59821ffa02b7876da06032e577dfea6cc6df133b19e2a9c2295e1f6011883e2c298f71b2a4c5f04ceca492a26a1e22bdf368f95747cf7fba0dc4e3916c8ef403
SSDEEP

384:9vXX8GJ98MXVej4FsObOM7o/qo9VhvyCtCWdCMT42Ud0fz5WA9Snh9ZpR5ZsHLEt:RXX8GT8MXBb7oCIpwl2vz5WASnhza5c

Score

10^/10

redline 1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

C4Loader.exe

Resource

win7-20220812-en

redline 1 infostealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

C4Loader.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

107.182.129.73:21733

Attributes

auth_value
3a5bb0917495b4312d052a0b8977d2bb

Targets

- Target
  
  C4Loader.exe
- Size
  
  32KB
- MD5
  
  1b0e1de4fc8c200d3ea4509b9937ff01
- SHA1
  
  2cd17bfc99d0675977ee0bbd0494ed2aaa96cb2a
- SHA256
  
  7b70b9f9483656e7b8ce1981fefd6dfe77cfd0d89b0826eb2c1ebabbf7d23a18
- SHA512
  
  59821ffa02b7876da06032e577dfea6cc6df133b19e2a9c2295e1f6011883e2c298f71b2a4c5f04ceca492a26a1e22bdf368f95747cf7fba0dc4e3916c8ef403
- SSDEEP
  
  384:9vXX8GJ98MXVej4FsObOM7o/qo9VhvyCtCWdCMT42Ud0fz5WA9Snh9ZpR5ZsHLEt:RXX8GT8MXBb7oCIpwl2vz5WASnhza5c
Score

10^/10

redline 1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1infostealer

behavioral2

© 2018-2024

Terms | Privacy