redline | c20188aeac3782469ac75c40911e5bae45d36f2208e286b51a5f6f5e878e371b | Triage

Sharing

General

Target

c20188aeac3782469ac75c40911e5bae45d36f2208e286b51a5f6f5e878e371b
Size

277KB
Sample

221206-en8r8ahd22
MD5

75f4207637e56307389dfa82b3463690
SHA1

d7d51072a59f78314e90327a9f5f74004ae8b2a7
SHA256

c20188aeac3782469ac75c40911e5bae45d36f2208e286b51a5f6f5e878e371b
SHA512

1a634a4c84a6dd8304b15ad7e7e5010e347c21f9e9f23529f6f4945b00727df6084b1d7917977e1f4fed51b8fd3dc10f5dfa1627c756152a5c9c86089fe82b52
SSDEEP

3072:QLjOjXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWx+PsxO:QLSjXj0I/4nFzP8p+H

Score

10^/10

redline @2023 infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023

C2

79.137.192.28:20723

Attributes

auth_value
93b4b7d0dc8e9415e261a402587c6710

Targets

- Target
  
  c20188aeac3782469ac75c40911e5bae45d36f2208e286b51a5f6f5e878e371b
- Size
  
  277KB
- MD5
  
  75f4207637e56307389dfa82b3463690
- SHA1
  
  d7d51072a59f78314e90327a9f5f74004ae8b2a7
- SHA256
  
  c20188aeac3782469ac75c40911e5bae45d36f2208e286b51a5f6f5e878e371b
- SHA512
  
  1a634a4c84a6dd8304b15ad7e7e5010e347c21f9e9f23529f6f4945b00727df6084b1d7917977e1f4fed51b8fd3dc10f5dfa1627c756152a5c9c86089fe82b52
- SSDEEP
  
  3072:QLjOjXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWx+PsxO:QLSjXj0I/4nFzP8p+H
Score

10^/10

redline @2023 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@2023infostealer