redline | d288a7fd07191acb917c5e46a9e2544aa72e164b07f9e9c169d080f0e391824c | Triage

Submit
Reports

Overview

overview

Static

static

b3bfe485ea...28.exe

windows7-x64

b3bfe485ea...28.exe

windows10-2004-x64

Sharing

General

Target

b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size

146KB
Sample

221206-bzpa6sfc76
MD5

f99292cdca37b094f00a1d4923b11efe
SHA1

c5f05e83bc5f5fd291b77a3694bbb0f014e84917
SHA256

d288a7fd07191acb917c5e46a9e2544aa72e164b07f9e9c169d080f0e391824c
SHA512

1f874b7b63f1d69d8e74135bddefd1a2d33b45e76b940eca4f99e541bde52e06c5db0d67a0a57a24144ae75d75be80ae14fa153c0d9d61000f36f8659d43a714
SSDEEP

3072:TnOYsTjKU+1wVzMmY4ah4+P8XinDd3rhpRGPyuEJbCI:yYQ01Nh4uUylpCI

Score

10^/10

redline @p1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe

Resource

win7-20221111-en

redline @p1 infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe

Resource

win10v2004-20220812-en

redline @p1 infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
- Size
  
  239KB
- MD5
  
  d41cf20a6dfdce872e1fc78b554d4e63
- SHA1
  
  055c4e9b8ec14cb08532a3389c3f7539ceb983d9
- SHA256
  
  b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
- SHA512
  
  fb9600518aab4c68064a658f46f7424e4fc4686e458f9937192bf9bb2bb17c37826b69cf6dea4739facd7a8a1bfde8ba818d813fcccdd912886ff88a3bf3ea14
- SSDEEP
  
  3072:ix+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcRm9xO:ix+2gWg5Kq+PwQoHp0DoK2KJSTfqrhmQ
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer

behavioral2

redline@p1infostealer

© 2018-2024

Terms | Privacy