redline | a6e9c9ed024c4026aa68627c95c52b87e9206b47ffee87f06abfc85218e69cb9 | Triage

Sharing

General

Target

a6e9c9ed024c4026aa68627c95c52b87e9206b47ffee87f06abfc85218e69cb9
Size

269KB
Sample

221206-nzjrxaef46
MD5

761da75b0364cc4637a5ce825bb533ae
SHA1

129b9d68c63c2711b16c3957ce90d0dac634f941
SHA256

a6e9c9ed024c4026aa68627c95c52b87e9206b47ffee87f06abfc85218e69cb9
SHA512

e60e420f325d82da994fa8c2a02984f8a497435ff91661c3f54ae40cc2719dec12871fcee0bc6972e8a171e4322948f5cbea2e6c5311243d54d210efc15ad16c
SSDEEP

3072:YMADZupENYoKjAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGCVy9xn47O9xO:1ADZupENSjAIDHE98JEbCe3QwSAZTg

Score

10^/10

redline @2023@infostealer

Malware Config

Extracted

Family

redline

Botnet

@2023@

C2

193.106.191.138:32796

Attributes

auth_value
ca057e5baadfd0774a34a6a949cd5e69

Targets

- Target
  
  a6e9c9ed024c4026aa68627c95c52b87e9206b47ffee87f06abfc85218e69cb9
- Size
  
  269KB
- MD5
  
  761da75b0364cc4637a5ce825bb533ae
- SHA1
  
  129b9d68c63c2711b16c3957ce90d0dac634f941
- SHA256
  
  a6e9c9ed024c4026aa68627c95c52b87e9206b47ffee87f06abfc85218e69cb9
- SHA512
  
  e60e420f325d82da994fa8c2a02984f8a497435ff91661c3f54ae40cc2719dec12871fcee0bc6972e8a171e4322948f5cbea2e6c5311243d54d210efc15ad16c
- SSDEEP
  
  3072:YMADZupENYoKjAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGCVy9xn47O9xO:1ADZupENSjAIDHE98JEbCe3QwSAZTg
Score

10^/10

redline @2023@infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@2023@infostealer