General

Target: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
Size: 389KB
Sample: 221227-jxkh7shf9y
MD5: e8205b359c9c5d6c8d7fcfd68c908c7b
SHA1: 3d2a600b1ddf8955f028fbcd79886fa61be034e1
SHA256: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
SHA512: 9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e
SSDEEP: 6144:Bm4dxganzHlvVtNMGmHfuAKMpxSAOP3E6fRwl6qMlicP+G9M:BtcanzHlvxMLSR3E66l6qMlicP+sM

Static task: static1
Behavioral task: behavioral1
Sample: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738.exe
Resource: win10-20220901-en
Malware Config

Extracted family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
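The hashes and the extracted C2 endpoint are the indicators a responder actually consumes from this report. The script below is an added example, not part of the sandbox output: it computes all four report digests of a file in one streaming pass (SSDEEP is left out because it needs the non-standard ssdeep library), tells you which of them match the report values, and scans connection-log lines for the C2 host. The log format and the log lines are constructed here so the script runs offline; only the indicator values come from the report.

```python
"""IOC handling for the RedLine sample in this report (added example).

Hash values and the C2 endpoint are copied from the report above; the byte
strings and the connection-log lines are constructed so this runs offline.
"""
import hashlib
import io
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "e8205b359c9c5d6c8d7fcfd68c908c7b",
    "sha1": "3d2a600b1ddf8955f028fbcd79886fa61be034e1",
    "sha256": "e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738",
    "sha512": "9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533"
              "bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e",
}
C2_HOST, C2_PORT = "79.137.202.18", 45218


def digest_stream(fh, chunk_size=1 << 20):
    """Compute all four report digests in one streaming pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matches_report(digests, expected=REPORT_HASHES):
    """Names of the algorithms whose digest equals the report value.

    All four match: this is the sample. None: a different file (a rebuilt or
    repacked RedLine build shares none of these). A partial match should not
    happen with these algorithms and deserves a closer look.
    """
    return sorted(n for n, v in expected.items() if digests.get(n) == v)


# Constructed connection-log format: "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
CONN_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT):
    """Flag every connection to the C2 host.

    An exact host:port match is the strongest signal; the same host on another
    port is reported too (exact=False) because operators rotate the port while
    keeping the server.
    """
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        ts, src, sport, dst, dport, proto = m.groups()
        if dst == host:
            hits.append({"ts": ts, "src": f"{src}:{sport}", "dport": int(dport),
                         "proto": proto, "exact": int(dport) == port})
    return hits


# Constructed log lines (not from the report); 198.51.100.7 is a documentation address.
SAMPLE_CONN_LOG = [
    "2022-12-27T09:41:02Z 10.0.0.15:49821 -> 79.137.202.18:45218 tcp",
    "2022-12-27T09:41:05Z 10.0.0.15:49822 -> 198.51.100.7:443 tcp",
    "2022-12-27T09:41:07Z 10.0.0.15:49823 -> 79.137.202.18:443 tcp",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    print(matches_report(digest_bytes(b"abc")))  # [] : not the sample
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
```

To check a real file, call `digest_file(path)` and pass the result to `matches_report`; the report's C2 is a bare IP:port, so the log check matches on destination address and does not need DNS.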
Targets

Target: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
Size: 389KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values under General (same file)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. The C2 address and auth_value above were recovered from this sample's embedded configuration.

Uses the VBS compiler for execution
The sample starts vbc.exe, the .NET Visual Basic compiler that ships with every Windows install. The compiler has no reason to run outside a build, so a vbc.exe child of an executable in a user-writable directory is itself a strong signal.

Suspicious use of SetThreadContext
Taken together with the vbc.exe launch, this is the usual process-hollowing sequence: the child is created suspended, its image is replaced, SetThreadContext redirects the main thread to the injected code, and the thread is resumed. In that pattern, expect the C2 traffic to originate from the hollowed vbc.exe process rather than from the dropped executable, so host-based matching should key on the parent/child relationship and not on the vbc.exe image path alone.
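A detection for the two behaviours above, written as an added example rather than anything from the sandbox or from the RedLine authors: it scores Sysmon-style process-creation events (Event ID 1) in which vbc.exe is launched by a parent that is not a build tool, runs from a user-writable path, or passes no compiler arguments. The event records are constructed; the field names follow Sysmon, the paths and process IDs are made up, and the list of legitimate parents is an assumption for a typical build host.

```python
"""Detection sketch for vbc.exe used as a process-hollowing host (added example).

Records are constructed, Sysmon-style process-creation events (Event ID 1);
field names follow Sysmon, the values are invented for this example.
"""
import ntpath

VBC = "vbc.exe"
# Parents that legitimately launch the compiler (assumption: a typical build host).
LEGIT_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe",
                 "aspnet_compiler.exe", "w3wp.exe"}
# Path fragments no legitimate parent of vbc.exe should run from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def _basename(path):
    return ntpath.basename(path).lower()


def _args_after_image(cmd, image):
    """Command-line text after the image path, with surrounding quotes removed."""
    low, img = cmd.lower(), image.lower()
    idx = low.find(img)
    rest = cmd[idx + len(img):] if idx >= 0 else cmd
    return rest.strip(' "')


def flag_vbc_hollowing(event):
    """Reasons a process-creation event looks like vbc.exe abuse; empty if benign."""
    if event.get("EventID") != 1 or _basename(event.get("Image", "")) != VBC:
        return []
    reasons = []
    parent = event.get("ParentImage", "")
    if _basename(parent) not in LEGIT_PARENTS:
        reasons.append(f"unexpected parent {parent}")
    if any(frag in parent.lower() for frag in USER_WRITABLE):
        reasons.append("parent runs from a user-writable path")
    # A real compile passes sources or a response file; a hollowing host gets
    # no arguments because its code is replaced before it would use them.
    if not _args_after_image(event.get("CommandLine", ""), event.get("Image", "")):
        reasons.append("vbc.exe launched without compiler arguments")
    return reasons


def scan(events):
    """(ProcessId, reasons) for every event that triggers at least one reason."""
    results = []
    for ev in events:
        reasons = flag_vbc_hollowing(ev)
        if reasons:
            results.append((ev["ProcessId"], reasons))
    return results


# Constructed events (not from the report). The second one mirrors the
# pattern the signatures describe, with the sample's file name in a
# constructed Temp path.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 5120,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\dev\AppData\Local\Temp\tmp1.rsp"',
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
    {"EventID": 1, "ProcessId": 4412,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"',
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738.exe"},
    {"EventID": 1, "ProcessId": 6008,
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" notes.txt',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(pid, reasons)
```

The SetThreadContext call itself is not visible in Sysmon, so that half of the chain needs EDR telemetry; this rule leans on the process-creation context alone, which is why it combines three weak conditions rather than relying on any one of them.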
-
MITRE ATT&CK Matrix
Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); the report maps no techniques to them.