redline | 47979807a70793ec7cbdab32c03fe552c371f5bbe4a42a2398087199b5bf5aa0 | Triage

Submit
Reports

Overview

overview

Static

static

2a9237e01f...25.exe

windows7-x64

2a9237e01f...25.exe

windows10-2004-x64

Sharing

General

Target

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
Size

146KB
Sample

221207-btvk1afa5z
MD5

a320bae7a4ed5cf79654cb6553505f93
SHA1

34207daa6bd6088b909e964d7c09d6cf6114e0a9
SHA256

47979807a70793ec7cbdab32c03fe552c371f5bbe4a42a2398087199b5bf5aa0
SHA512

062c54870e82df804558b0cf05f0fcc52f237e5413b9ec28ec10af7d3d1b117eac174f2c373f30c1c7d11e1ce35997f224681f5604559d8938ff6b9117e41164
SSDEEP

3072:p9nOYsTjKU+1wVzMmY4ah4+P8XinDd+Bz6EF10arFcY:p0YQ01Nh4uoFnL

Score

10^/10

redline @p1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25.exe

Resource

win7-20220812-en

redline @p1 infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25.exe

Resource

win10v2004-20220901-en

redline @p1 infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- Size
  
  239KB
- MD5
  
  5f66f6f04fab186a8bd08162c1e67337
- SHA1
  
  30fbbedab38ce51ac8009cf337794fd53552d726
- SHA256
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- SHA512
  
  9bb1b7f180f449fac9cdf53b94f51eb5aaaf7881b5eac3c0010d0acbeb23c82016f580764bd16643507ba5ff7d6dbd0dcc42aee3d321dafe610a9f797a5ddacf
- SSDEEP
  
  3072:zx+Ygbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcYmbxO:zx+YgWg5Kq+PwQoHp0DoK2KJSTfqrhm3
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@p1infostealer

behavioral2

redline@p1infostealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.