redline | 2342730f2266f3c72408c085513bb60d45973a2c27ace9feeee19d25b5542e85 | Triage

Sharing

General

Target

6d3c6795325dd55b1c07a70573875a31721fe3989f81fa761e8091f21a24b262
Size

179KB
Sample

221227-y4fwxsbd3x
MD5

adac2d041f43b8aa3853b643351afed1
SHA1

5d22731807200f6cd4bc98e3a6599f22f569cb8c
SHA256

2342730f2266f3c72408c085513bb60d45973a2c27ace9feeee19d25b5542e85
SHA512

47b8160700ef87676119fc81096ec8b4f330b9682b410d1d62bd662a5facf3dfb818bde41f1f320bde14e7dc8e921a7e00af31931f155b5b0547b157c8e8c17a
SSDEEP

3072:bI38SYjHVJaN7wDwfKL6F2se5K98EUPjU2k5zrl/8xB5OA1FLefRMSCHs+5:s8R7VJQwUise52b/bWDOWSRLCM+5

Score

10^/10

redline bunde2 infostealer

Malware Config

Extracted

Family

redline

Botnet

bunde2

C2

65.21.5.58:24911

Attributes

auth_value
fac6d788afc7ea9267b85bc08b54c40d

Targets

- Target
  
  6d3c6795325dd55b1c07a70573875a31721fe3989f81fa761e8091f21a24b262
- Size
  
  389KB
- MD5
  
  6d5ca60166f1e331a4682e33f9faf0b8
- SHA1
  
  2e9fe7dde806f81ea4225dd39b89e9973c9cf9bb
- SHA256
  
  6d3c6795325dd55b1c07a70573875a31721fe3989f81fa761e8091f21a24b262
- SHA512
  
  4f454e761d47f8ec60d1e74dabb3c49f8babde4c92f0f3be7fee7217f414a17d1bb300221829a49422f4fb112ee35cb9beff82b57f4db63e217ded02db871c1a
- SSDEEP
  
  6144:em4H8wNHzXF/FdNcmG3vuAqMexSAOn9siBSUV3q4QWztMHWW/9M:etlNHzXF/RcKSh9sMq4zz4VM
Score

10^/10

redline bunde2 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebunde2infostealer

behavioral2

redlinebunde2infostealer