redline | de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1 | Triage

Sharing

General

Target

de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
Size

239KB
Sample

221206-abj6wada3x
MD5

e78d8a619f24e1f5d332a16bb556c70a
SHA1

4f1d3998793dbd772dde0394e4c75d92abe7f6e6
SHA256

de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
SHA512

a76e905c639fe2633f6a315f617d3b5e38246d73a95fa19899b196d811485a96c434f2694003eaf1b28a8c9d81923d2c2419bb0a5859bb3edbef6b25aa6e52d1
SSDEEP

3072:8x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcHmwxO:8x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmz

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
- Size
  
  239KB
- MD5
  
  e78d8a619f24e1f5d332a16bb556c70a
- SHA1
  
  4f1d3998793dbd772dde0394e4c75d92abe7f6e6
- SHA256
  
  de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
- SHA512
  
  a76e905c639fe2633f6a315f617d3b5e38246d73a95fa19899b196d811485a96c434f2694003eaf1b28a8c9d81923d2c2419bb0a5859bb3edbef6b25aa6e52d1
- SSDEEP
  
  3072:8x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcHmwxO:8x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmz
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer