redline | 2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25 | Triage

Sharing

General

Target

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
Size

239KB
Sample

221205-127yqseh7w
MD5

5f66f6f04fab186a8bd08162c1e67337
SHA1

30fbbedab38ce51ac8009cf337794fd53552d726
SHA256

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
SHA512

9bb1b7f180f449fac9cdf53b94f51eb5aaaf7881b5eac3c0010d0acbeb23c82016f580764bd16643507ba5ff7d6dbd0dcc42aee3d321dafe610a9f797a5ddacf
SSDEEP

3072:zx+Ygbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcYmbxO:zx+YgWg5Kq+PwQoHp0DoK2KJSTfqrhm3

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- Size
  
  239KB
- MD5
  
  5f66f6f04fab186a8bd08162c1e67337
- SHA1
  
  30fbbedab38ce51ac8009cf337794fd53552d726
- SHA256
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- SHA512
  
  9bb1b7f180f449fac9cdf53b94f51eb5aaaf7881b5eac3c0010d0acbeb23c82016f580764bd16643507ba5ff7d6dbd0dcc42aee3d321dafe610a9f797a5ddacf
- SSDEEP
  
  3072:zx+Ygbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcYmbxO:zx+YgWg5Kq+PwQoHp0DoK2KJSTfqrhm3
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer