redline | e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738 | Triage

Sharing

General

Target

e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
Size

389KB
Sample

221227-jxkh7shf9y
MD5

e8205b359c9c5d6c8d7fcfd68c908c7b
SHA1

3d2a600b1ddf8955f028fbcd79886fa61be034e1
SHA256

e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
SHA512

9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e
SSDEEP

6144:Bm4dxganzHlvVtNMGmHfuAKMpxSAOP3E6fRwl6qMlicP+G9M:BtcanzHlvxMLSR3E66l6qMlicP+sM

Score

10^/10

redline 11 infostealer

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
- Size
  
  389KB
- MD5
  
  e8205b359c9c5d6c8d7fcfd68c908c7b
- SHA1
  
  3d2a600b1ddf8955f028fbcd79886fa61be034e1
- SHA256
  
  e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
- SHA512
  
  9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e
- SSDEEP
  
  6144:Bm4dxganzHlvVtNMGmHfuAKMpxSAOP3E6fRwl6qMlicP+G9M:BtcanzHlvxMLSR3E66l6qMlicP+sM
Score

10^/10

redline 11 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline11infostealer