Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
Size

389KB
Sample

221227-abkgmshb9t
MD5

ab168ca7a8902f0a922590433d1acc7b
SHA1

30f50b2cc6c2fdcb2ee607b3e912556e36d1fb36
SHA256

18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
SHA512

4fc711bd1eb641d1e6a01b3780960dfd67ff46bc364f4d898ff05c78570d3c0922d11af52e502d9f867e425e20d57a02dc6c1679e9dfbe43b1a50363f75320c6
SSDEEP

6144:2m4H8wNHzXF/FdNcmG3vuAqMexSAOeDqsDE3dcMygTeefj1cV6ag9M:2tlNHzXF/RcKSc7efjqV6aaM

Score

10^/10

redline 11 infostealer

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
- Size
  
  389KB
- MD5
  
  ab168ca7a8902f0a922590433d1acc7b
- SHA1
  
  30f50b2cc6c2fdcb2ee607b3e912556e36d1fb36
- SHA256
  
  18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
- SHA512
  
  4fc711bd1eb641d1e6a01b3780960dfd67ff46bc364f4d898ff05c78570d3c0922d11af52e502d9f867e425e20d57a02dc6c1679e9dfbe43b1a50363f75320c6
- SSDEEP
  
  6144:2m4H8wNHzXF/FdNcmG3vuAqMexSAOeDqsDE3dcMygTeefj1cV6ag9M:2tlNHzXF/RcKSc7efjqV6aaM
Score

10^/10

redline 11 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redline11infostealer