redline | f62904530c2df665f20a7a2dcf96de34d2f5c7d78b6092fd616596df53685322 | Triage

Sharing

General

Target

f62904530c2df665f20a7a2dcf96de34d2f5c7d78b6092fd616596df53685322
Size

239KB
Sample

221206-awcbrsed9s
MD5

2f8dbddb71b741137a62962b7662006c
SHA1

28b78f2a7217f6e8cc1c8fe61e01d3e46b4976f0
SHA256

f62904530c2df665f20a7a2dcf96de34d2f5c7d78b6092fd616596df53685322
SHA512

ffe35cff7ae03eabf8ff04b712d1c0369b8db0a4d75e5fff4a2eadc0756d5d44c8f0186f16c5eca8441cb222c9baf1c59b0c3f0c3842ba1335fa4a7202989ed2
SSDEEP

3072:4x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcmmMxO:4x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmy

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  f62904530c2df665f20a7a2dcf96de34d2f5c7d78b6092fd616596df53685322
- Size
  
  239KB
- MD5
  
  2f8dbddb71b741137a62962b7662006c
- SHA1
  
  28b78f2a7217f6e8cc1c8fe61e01d3e46b4976f0
- SHA256
  
  f62904530c2df665f20a7a2dcf96de34d2f5c7d78b6092fd616596df53685322
- SHA512
  
  ffe35cff7ae03eabf8ff04b712d1c0369b8db0a4d75e5fff4a2eadc0756d5d44c8f0186f16c5eca8441cb222c9baf1c59b0c3f0c3842ba1335fa4a7202989ed2
- SSDEEP
  
  3072:4x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcmmMxO:4x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmy
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer