redline | c2cd67ea2665458ceb874f9dc38fc27130fa337f9a15390da6a08197a4662108 | Triage

Submit
Reports

Overview

overview

Static

static

da94274731...f5.exe

windows7-x64

da94274731...f5.exe

windows10-2004-x64

Sharing

General

Target

da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
Size

146KB
Sample

221205-xhpfhafc35
MD5

7340f659fb21245f4ea5d1853e1f7fb8
SHA1

e2ce84d113b51bb3719198d30008fa6665d4f881
SHA256

c2cd67ea2665458ceb874f9dc38fc27130fa337f9a15390da6a08197a4662108
SHA512

5a813787924442af0f0477b620aae330496c3fab43c2d782c4cfafaf59a589a291b72602119a079f176f0fa0d83a8bdd8f4207d201aea5238ff0b7094c0f19c0
SSDEEP

3072:/XpK87pgxw2tQqyJU8X4a57Ygri5qWoqcE7WyR6ZjO2nnxcSv:/XMDDnkU64alri5qWkHQNSv

Score

10^/10

redline @p1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5.exe

Resource

win7-20221111-en

redline @p1 infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5.exe

Resource

win10v2004-20220812-en

redline @p1 infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
- Size
  
  239KB
- MD5
  
  bc2f3e2864833b29a8e144f5450bdce5
- SHA1
  
  d99c03bee4cc8c117c8bd24a143aeefed771bed6
- SHA256
  
  da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
- SHA512
  
  eb17a5bd9cbdd045cebca3a50abd9db020ad06f22f1d50b74581c5327bc0d1655109065a202e5521ccee88d6bc0fe8c11c616d8444434acb4856aec271cc3507
- SSDEEP
  
  3072:ox+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcrm7xO:ox+2gWg5Kq+PwQoHp0DoK2KJSTfqrhm8
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer

behavioral2

redline@p1infostealer

© 2018-2024

Terms | Privacy