redline | 6ae110bb6a1d79cc8090a55f52e0634997e378c13354d026c8443288942935f0 | Triage

Sharing

General

Target

6ae110bb6a1d79cc8090a55f52e0634997e378c13354d026c8443288942935f0
Size

277KB
Sample

221206-d3tfeacc7x
MD5

8cfb86773ea88895989f96e052a15870
SHA1

c2d66030602cf9f59cb6bf55fe3917478e9e07bf
SHA256

6ae110bb6a1d79cc8090a55f52e0634997e378c13354d026c8443288942935f0
SHA512

9b1c9446d62451b5357872a80dd9241ca3b7f95333686337a6ade59e06103e645591c8944043e399f7dfa5e5c1a8bc8aece5e27b0c3999e54ee2259f6182bdcd
SSDEEP

3072:fLjO3Xj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWH+KxO:fLS3Xj0I/4nFzP8p+z

Score

10^/10

redline @2023 infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023

C2

79.137.192.28:20723

Attributes

auth_value
93b4b7d0dc8e9415e261a402587c6710

Targets

- Target
  
  6ae110bb6a1d79cc8090a55f52e0634997e378c13354d026c8443288942935f0
- Size
  
  277KB
- MD5
  
  8cfb86773ea88895989f96e052a15870
- SHA1
  
  c2d66030602cf9f59cb6bf55fe3917478e9e07bf
- SHA256
  
  6ae110bb6a1d79cc8090a55f52e0634997e378c13354d026c8443288942935f0
- SHA512
  
  9b1c9446d62451b5357872a80dd9241ca3b7f95333686337a6ade59e06103e645591c8944043e399f7dfa5e5c1a8bc8aece5e27b0c3999e54ee2259f6182bdcd
- SSDEEP
  
  3072:fLjO3Xj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWH+KxO:fLS3Xj0I/4nFzP8p+z
Score

10^/10

redline @2023 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@2023infostealer