redline | 32551f9124a359edf3435979372676a4c5bbaeb0423cc3ec53d382abb39d850f | Triage

Sharing

General

Target

32551f9124a359edf3435979372676a4c5bbaeb0423cc3ec53d382abb39d850f
Size

356KB
Sample

230103-fet35sda4v
MD5

114738737463a73a549ac1221afd045c
SHA1

70feebd89e898537d4ccfe2522e29af1568d4e68
SHA256

32551f9124a359edf3435979372676a4c5bbaeb0423cc3ec53d382abb39d850f
SHA512

b52490e2c5dd34779715580d5eb885011eee17994a104afb6e1f4a10ba629d09494d89748bf18171ae95cd43a7e02211c8bace8c34343b0e889a6c0ed2d8e135
SSDEEP

6144:qcJeNaxNPMRWRBlTyw07AOpj/tdOnHOXoZeYvf3Z66dMbsBJV:HeNaxxMRs+7f/td6HOYZeC/ZewBJ

Score

10^/10

redline letgo infostealer

Malware Config

Extracted

Family

redline

Botnet

letgo

C2

80.66.87.13:22346

Attributes

auth_value
9a4217b7e3f4309698e5e6d932e3545e

Targets

- Target
  
  32551f9124a359edf3435979372676a4c5bbaeb0423cc3ec53d382abb39d850f
- Size
  
  356KB
- MD5
  
  114738737463a73a549ac1221afd045c
- SHA1
  
  70feebd89e898537d4ccfe2522e29af1568d4e68
- SHA256
  
  32551f9124a359edf3435979372676a4c5bbaeb0423cc3ec53d382abb39d850f
- SHA512
  
  b52490e2c5dd34779715580d5eb885011eee17994a104afb6e1f4a10ba629d09494d89748bf18171ae95cd43a7e02211c8bace8c34343b0e889a6c0ed2d8e135
- SSDEEP
  
  6144:qcJeNaxNPMRWRBlTyw07AOpj/tdOnHOXoZeYvf3Z66dMbsBJV:HeNaxxMRs+7f/td6HOYZeC/ZewBJ
Score

10^/10

redline letgo infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineletgoinfostealer

behavioral2

redlineletgoinfostealer