redline | d5d6c066ef44f41d96a1de2d6090c5a66b955eb9242ba71b6e44972541d96bd7 | Triage

Submit
Reports

Overview

overview

Static

static

e03d91f51a...c4.exe

windows7-x64

e03d91f51a...c4.exe

windows10-2004-x64

Sharing

General

Target

e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
Size

145KB
Sample

221205-w4svdaha6y
MD5

198660c5963a408de327ca380988397e
SHA1

c0df3bfd3d5230bcb57913f9e17398ea23e20572
SHA256

d5d6c066ef44f41d96a1de2d6090c5a66b955eb9242ba71b6e44972541d96bd7
SHA512

4d455b555e502786e84c04d398e7481941eb94ed9a46d71f42c85ef9d004a52f7152957e596b52e097a7eb53ad2aa3bd0c947435464f34133d591a94d36bd92f
SSDEEP

3072:LzjoQXcMPhNCjiljhBNiJLLcMCEosy6QdZuf3r9K4l0fY:LzjoQXrPhNYilNBNvMCE37Yqo4ug

Score

10^/10

redline @p1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4.exe

Resource

win7-20220812-en

redline @p1 infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4.exe

Resource

win10v2004-20220812-en

redline @p1 infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
- Size
  
  235KB
- MD5
  
  a5e8ed73ce62bac965db83c132c38efa
- SHA1
  
  ae0c9bde239412faa23ab2b7d2e57c582fda98be
- SHA256
  
  e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
- SHA512
  
  c8346d724216a63c9c8ac1261dda488ed5e7e40660fd707d54a70442d1b2529225e254178846c790defddfd0ce7aafd00ad9bba772227bc7d0a18f1d65278dcb
- SSDEEP
  
  6144:t+lYNxCOWg5Kq+PwQoHp0DoK2KJSTfqrhmY:t+lYzNAeQR2KJqfqrhmY
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer

behavioral2

redline@p1infostealer

© 2018-2024

Terms | Privacy