redline | a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec | Triage

Sharing

General

Target

a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
Size

239KB
Sample

221206-cjebpsbc6x
MD5

f53740a0a41ab68520c565b0d7d37037
SHA1

a123c999491f11846753f964488904d7c6e986fa
SHA256

a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
SHA512

672b4c7fcead98adccb13e26a9c1f2cbde741872a834bd42ec41810331ef0e2f69a21784df887b8eea81fb1966957a427ab6a334811ce3b39b0175e4b6762a3a
SSDEEP

3072:Vx+4gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATc1m/xO:Vx+4gWg5Kq+PwQoHp0DoK2KJSTfqrhmq

Score

10^/10

redline @p1 infostealer

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
- Size
  
  239KB
- MD5
  
  f53740a0a41ab68520c565b0d7d37037
- SHA1
  
  a123c999491f11846753f964488904d7c6e986fa
- SHA256
  
  a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
- SHA512
  
  672b4c7fcead98adccb13e26a9c1f2cbde741872a834bd42ec41810331ef0e2f69a21784df887b8eea81fb1966957a427ab6a334811ce3b39b0175e4b6762a3a
- SSDEEP
  
  3072:Vx+4gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATc1m/xO:Vx+4gWg5Kq+PwQoHp0DoK2KJSTfqrhmq
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer