redline | 1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855 | Triage

Sharing

General

Target

1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
Size

239KB
Sample

221205-3lxtyabf51
MD5

8fa36c69a0face26443a005a1659edab
SHA1

f6c9f7bac5ec00d2f80f4c080af4aa02d6413c51
SHA256

1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
SHA512

a73f73016963d1e6227b405f95c7866d7e5908d4b7ff7cee93f92b7281be998474cec24671520e31ac0690c55a6f6894340051ddc77181debf29e02e101d5f05
SSDEEP

3072:fx+Igbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcLmrxO:fx+IgWg5Kq+PwQoHp0DoK2KJSTfqrhmM

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
- Size
  
  239KB
- MD5
  
  8fa36c69a0face26443a005a1659edab
- SHA1
  
  f6c9f7bac5ec00d2f80f4c080af4aa02d6413c51
- SHA256
  
  1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
- SHA512
  
  a73f73016963d1e6227b405f95c7866d7e5908d4b7ff7cee93f92b7281be998474cec24671520e31ac0690c55a6f6894340051ddc77181debf29e02e101d5f05
- SSDEEP
  
  3072:fx+Igbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcLmrxO:fx+IgWg5Kq+PwQoHp0DoK2KJSTfqrhmM
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer