redline | 58567be43d8183543f190c62c3a28be2c3d8cd85005f2ad58613a810eeaa8ab1 | Triage

Sharing

General

Target

58567be43d8183543f190c62c3a28be2c3d8cd85005f2ad58613a810eeaa8ab1
Size

269KB
Sample

221206-n78q1aae8s
MD5

7eeef796f094d4f0d0a898dfcaeb59e9
SHA1

d9471c923e11e32e4af2dbf091d25aae6ecd9466
SHA256

58567be43d8183543f190c62c3a28be2c3d8cd85005f2ad58613a810eeaa8ab1
SHA512

31b7cbfc6b087887d3cbf1ccd8738d499ca5f28ed03c90be6ace8ca244aa84a95515b666eeac0068a24ef0119400702210281fe43033830ed85be5eafbd3c3e9
SSDEEP

3072:kMADZu3ENYoKjAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGCVy98n4POLxO:ZADZu3ENSjAIDHE98JEbCe3QwSAZTp

Score

10^/10

redline @2023@infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023@

C2

193.106.191.138:32796

Attributes

auth_value
ca057e5baadfd0774a34a6a949cd5e69

Targets

- Target
  
  58567be43d8183543f190c62c3a28be2c3d8cd85005f2ad58613a810eeaa8ab1
- Size
  
  269KB
- MD5
  
  7eeef796f094d4f0d0a898dfcaeb59e9
- SHA1
  
  d9471c923e11e32e4af2dbf091d25aae6ecd9466
- SHA256
  
  58567be43d8183543f190c62c3a28be2c3d8cd85005f2ad58613a810eeaa8ab1
- SHA512
  
  31b7cbfc6b087887d3cbf1ccd8738d499ca5f28ed03c90be6ace8ca244aa84a95515b666eeac0068a24ef0119400702210281fe43033830ed85be5eafbd3c3e9
- SSDEEP
  
  3072:kMADZu3ENYoKjAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGCVy98n4POLxO:ZADZu3ENSjAIDHE98JEbCe3QwSAZTp
Score

10^/10

redline @2023@infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@2023@infostealer