redline | 47979807a70793ec7cbdab32c03fe552c371f5bbe4a42a2398087199b5bf5aa0 | Triage

Submit
Reports

Overview

overview

Static

static

2a9237e01f...25.exe

windows7-x64

2a9237e01f...25.exe

windows10-2004-x64

Sharing

General

Target

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
Size

146KB
Sample

221207-btvk1afa5z
MD5

a320bae7a4ed5cf79654cb6553505f93
SHA1

34207daa6bd6088b909e964d7c09d6cf6114e0a9
SHA256

47979807a70793ec7cbdab32c03fe552c371f5bbe4a42a2398087199b5bf5aa0
SHA512

062c54870e82df804558b0cf05f0fcc52f237e5413b9ec28ec10af7d3d1b117eac174f2c373f30c1c7d11e1ce35997f224681f5604559d8938ff6b9117e41164
SSDEEP

3072:p9nOYsTjKU+1wVzMmY4ah4+P8XinDd+Bz6EF10arFcY:p0YQ01Nh4uoFnL

Score

10^/10

redline @p1 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25.exe

Resource

win7-20220812-en

redline @p1 infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25.exe

Resource

win10v2004-20220901-en

redline @p1 infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- Size
  
  239KB
- MD5
  
  5f66f6f04fab186a8bd08162c1e67337
- SHA1
  
  30fbbedab38ce51ac8009cf337794fd53552d726
- SHA256
  
  2a9237e01f7f8a281246db14183f903b27b6f4a2760cef9cfc51e7876bbb4c25
- SHA512
  
  9bb1b7f180f449fac9cdf53b94f51eb5aaaf7881b5eac3c0010d0acbeb23c82016f580764bd16643507ba5ff7d6dbd0dcc42aee3d321dafe610a9f797a5ddacf
- SSDEEP
  
  3072:zx+Ygbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcYmbxO:zx+YgWg5Kq+PwQoHp0DoK2KJSTfqrhm3
Score

10^/10

redline @p1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@p1infostealer

behavioral2

redline@p1infostealer

© 2018-2024

Terms | Privacy