redline | 1ed32d464e8ba3b51bdce4d0544fba7ce00e22961340c50cb78441df46d99848 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ed32d464e8ba3b51bdce4d0544fba7ce00e22961340c50cb78441df46d99848
Size

361KB
Sample

221230-n75dksag6t
MD5

efeb72cdc4ec1537fbf2baf31da19dbd
SHA1

d3212294e422187625f8cedb1d3039b23d8f8b70
SHA256

1ed32d464e8ba3b51bdce4d0544fba7ce00e22961340c50cb78441df46d99848
SHA512

97b68fbb0726f9af59f479b7c1bceed0778e61b1b5dee419aa7771ebd97f86defc2b55e56fb8df602206f1f8c3c13bad7a4290b4adbeb5f9319c780db244be09
SSDEEP

6144:6NZxqk0ub6g8DXtAOjkA6haaTnE+FPkY:IZxqk0u8BR6hRTE+Fl

Score

10^/10

redline redline bot infostealer

Malware Config

Extracted

Family

redline

Botnet

Redline Bot

C2

193.42.244.249:5514

Attributes

auth_value
dba2cba3a65b70477f54eb1d91e5f886

Targets

- Target
  
  1ed32d464e8ba3b51bdce4d0544fba7ce00e22961340c50cb78441df46d99848
- Size
  
  361KB
- MD5
  
  efeb72cdc4ec1537fbf2baf31da19dbd
- SHA1
  
  d3212294e422187625f8cedb1d3039b23d8f8b70
- SHA256
  
  1ed32d464e8ba3b51bdce4d0544fba7ce00e22961340c50cb78441df46d99848
- SHA512
  
  97b68fbb0726f9af59f479b7c1bceed0778e61b1b5dee419aa7771ebd97f86defc2b55e56fb8df602206f1f8c3c13bad7a4290b4adbeb5f9319c780db244be09
- SSDEEP
  
  6144:6NZxqk0ub6g8DXtAOjkA6haaTnE+FPkY:IZxqk0u8BR6hRTE+Fl
Score

10^/10

redline redline bot infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineredline botinfostealer