Overview

overview

10

Static

static

c094276a51...88.exe

windows7-x64

10

c094276a51...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788

  • Size

    131KB

  • Sample

    221206-dhtknscc5w

  • MD5

    2e1651be4a756ad7a4ab2e8408ada4d3

  • SHA1

    f5ca89d62de7b24c4af8ba6dd9e867517e6d91fc

  • SHA256

    755c38846a19518c0aae07f728e967c4117e6347028b88971a8fc320b5039cfe

  • SHA512

    a90db99ac4b24078c59064e2f4a5d396706dee75afa023d5f7718e5f47ab8df679ee32b53d99f70e68c0b0353ddfe5c774719a160fd720903f8de9a2dce6110c

  • SSDEEP

    3072:rDShwquRxButYEOoAzyyjaQCIvBLm3me0Jt:H2cBSYEOTzyyjKEBLifm

Score
10/10
redline@2023infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023

C2

79.137.192.28:20723

Attributes
  • auth_value

    93b4b7d0dc8e9415e261a402587c6710

Targets

    • Target

      c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788

    • Size

      277KB

    • MD5

      68ea97a6369144650688c2110b4b3795

    • SHA1

      931416ef15cb3b3cd564977aea4305a94265a9d1

    • SHA256

      c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788

    • SHA512

      c80edb56f18706a247d04357591d382461a26467ba31897e2653c0c7756c0d7a98cd05c9bd4cad5ec0e1827c6744ecff57c33ea2299f886db74193b4f584dac7

    • SSDEEP

      3072:FLjOlXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWe+kxO:FLSlXj0I/4nFzP8p+8

    Score
    10/10
    redline@2023infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks