General
Target: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
Size: 389KB
Sample: 221227-abkgmshb9t
MD5: ab168ca7a8902f0a922590433d1acc7b
SHA1: 30f50b2cc6c2fdcb2ee607b3e912556e36d1fb36
SHA256: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
SHA512: 4fc711bd1eb641d1e6a01b3780960dfd67ff46bc364f4d898ff05c78570d3c0922d11af52e502d9f867e425e20d57a02dc6c1679e9dfbe43b1a50363f75320c6
SSDEEP: 6144:2m4H8wNHzXF/FdNcmG3vuAqMexSAOeDqsDE3dcMygTeefj1cV6ag9M:2tlNHzXF/RcKSc7efjqV6aaM
Static task: static1
Behavioral task: behavioral1
Sample: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets
Target: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns only, as listed on the page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation