redline | 5fba97d3754463903fd78f3eec2876cda867391c84b97da5bec5e9a07c012ddc | Triage

Sharing

General

Target

5fba97d3754463903fd78f3eec2876cda867391c84b97da5bec5e9a07c012ddc
Size

277KB
Sample

221206-e7hp5scd8s
MD5

306fc913cab5bd2e92ce5e7d042dfbb1
SHA1

22b45e1ae21ea280cb2090b76fd18c23ef1656cf
SHA256

5fba97d3754463903fd78f3eec2876cda867391c84b97da5bec5e9a07c012ddc
SHA512

eda3f4e5325b445953dea7749dd9221532dfa6a0c13d51e059ab2f3d4fc34edc2ec677de9e7f3a8d9bbb1b1acb4f2c9ca80464c983a77b6f4049815a3fdbd003
SSDEEP

3072:nLjOVXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWn+AxO:nLSVXj0I/4nFzP8p+1

Score

10^/10

redline @2023 infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023

C2

79.137.192.28:20723

Attributes

auth_value
93b4b7d0dc8e9415e261a402587c6710

Targets

- Target
  
  5fba97d3754463903fd78f3eec2876cda867391c84b97da5bec5e9a07c012ddc
- Size
  
  277KB
- MD5
  
  306fc913cab5bd2e92ce5e7d042dfbb1
- SHA1
  
  22b45e1ae21ea280cb2090b76fd18c23ef1656cf
- SHA256
  
  5fba97d3754463903fd78f3eec2876cda867391c84b97da5bec5e9a07c012ddc
- SHA512
  
  eda3f4e5325b445953dea7749dd9221532dfa6a0c13d51e059ab2f3d4fc34edc2ec677de9e7f3a8d9bbb1b1acb4f2c9ca80464c983a77b6f4049815a3fdbd003
- SSDEEP
  
  3072:nLjOVXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWn+AxO:nLSVXj0I/4nFzP8p+1
Score

10^/10

redline @2023 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@2023infostealer