redline | a161eb165c4656e540e79f0571d6e32a0bffb77e65b889e53f2cc87f3ff3cc60 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7-x64

9

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

660KB
Sample

221129-jcd6pahb22
MD5

4de478e4b6f32014db0bdc2eff5f73cd
SHA1

9a1ff93bf2d80107c530f71b90afbaf0d23e9af8
SHA256

a161eb165c4656e540e79f0571d6e32a0bffb77e65b889e53f2cc87f3ff3cc60
SHA512

8b62aa044c008f62db118f571a3b0d67ecce5d54465205cda59575f39ea7abf61067689273df7e8a1b15acd3dcf186aff742c594bfcf91e4de16cc11bac04000
SSDEEP

12288:XeB8hEY8qW9XZ/sFDj8MQNTVdKr6jFlJ3RDCMn9isLV8sN:XhLWf/stQtlfXPNCMtLysN

Score

10^/10

redline usa infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20221111-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

redline usa infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

USA

C2

109.107.191.169:34067

Attributes

auth_value
efb1b17e182f1e7cdb54a3e91436c48c

Targets

- Target
  
  Setup.exe
- Size
  
  660KB
- MD5
  
  4de478e4b6f32014db0bdc2eff5f73cd
- SHA1
  
  9a1ff93bf2d80107c530f71b90afbaf0d23e9af8
- SHA256
  
  a161eb165c4656e540e79f0571d6e32a0bffb77e65b889e53f2cc87f3ff3cc60
- SHA512
  
  8b62aa044c008f62db118f571a3b0d67ecce5d54465205cda59575f39ea7abf61067689273df7e8a1b15acd3dcf186aff742c594bfcf91e4de16cc11bac04000
- SSDEEP
  
  12288:XeB8hEY8qW9XZ/sFDj8MQNTVdKr6jFlJ3RDCMn9isLV8sN:XhLWf/stQtlfXPNCMtLysN
Score

10^/10

redline usa infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlineusainfostealer

© 2018-2024

Terms | Privacy