Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c
Size

397KB
Sample

221227-tkqvkafb57
MD5

05736a9315062326cd1cd231c0fc98ca
SHA1

38bb6c4fac0bdd7bfd8ebdf3ded963863995fed1
SHA256

acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c
SHA512

bbfa5d92946f1486e0a63aa83e8fe8e70c79126dfd95c91a1daa72b5af3df06a71bc244dee5acac90e93c810eef83e45efb7997e59a5c07de709718fa49d489e
SSDEEP

6144:F+hp0xIyuQ3QTprP30jUISJTfAOUUHIj+pYHvZW0aHkwOPSa:Fip0xIyuQgV13HIPHs0Oa

Score

10^/10

redline 11 infostealer

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c
- Size
  
  397KB
- MD5
  
  05736a9315062326cd1cd231c0fc98ca
- SHA1
  
  38bb6c4fac0bdd7bfd8ebdf3ded963863995fed1
- SHA256
  
  acb66a576dd58753f4028e7377c2233e0013f86ace5e4cecf32f12123b9ae15c
- SHA512
  
  bbfa5d92946f1486e0a63aa83e8fe8e70c79126dfd95c91a1daa72b5af3df06a71bc244dee5acac90e93c810eef83e45efb7997e59a5c07de709718fa49d489e
- SSDEEP
  
  6144:F+hp0xIyuQ3QTprP30jUISJTfAOUUHIj+pYHvZW0aHkwOPSa:Fip0xIyuQgV13HIPHs0Oa
Score

10^/10

redline 11 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redline11infostealer