redline | 1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75 | Triage

Sharing

General

Target

1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
Size

239KB
Sample

221205-282wqsae8y
MD5

efb5c47eabb4a0f02e9bf2cabc1c98a7
SHA1

eb5acc78a0c43b55b7e6e5a5189e6e98b7e812da
SHA256

1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
SHA512

552b5145b330b5696f61dba46be31a6521c1aedb506554db8348bc2140c0fefc2c37daf1f05588dd6864614fc0fce3112a72e201bc4afa6fe9ddf1f8c931fca0
SSDEEP

3072:Lx+Ugbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcImyxO:Lx+UgWg5Kq+PwQoHp0DoK2KJSTfqrhmm

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
- Size
  
  239KB
- MD5
  
  efb5c47eabb4a0f02e9bf2cabc1c98a7
- SHA1
  
  eb5acc78a0c43b55b7e6e5a5189e6e98b7e812da
- SHA256
  
  1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
- SHA512
  
  552b5145b330b5696f61dba46be31a6521c1aedb506554db8348bc2140c0fefc2c37daf1f05588dd6864614fc0fce3112a72e201bc4afa6fe9ddf1f8c931fca0
- SSDEEP
  
  3072:Lx+Ugbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcImyxO:Lx+UgWg5Kq+PwQoHp0DoK2KJSTfqrhmm
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer