redline | f2a55c47f500efa4bb1b41487cf512c38b0f7438ed955656cceb51a2c11c2d6a | Triage

Sharing

General

Target

pureland.7z
Size

429KB
Sample

230304-zq16daec2v
MD5

88d394e1f27c6e2512a00544f53889ec
SHA1

72ef0dff9731ff86dd3493a9b749ad57ba22d966
SHA256

f2a55c47f500efa4bb1b41487cf512c38b0f7438ed955656cceb51a2c11c2d6a
SHA512

63b4ee18ec20d596d1f29470f0294bcada50e3021c6fa9e2871d0ed73f832ebbded0973ed41835aaf855243032a982dcda88bc94cd3bafff98ad902ed955775d
SSDEEP

12288:Z77QgOn0IpbnynlQujHGkSyVjEQbHaoBd/HsA:Z60IKlQDlyVbraoBhHv

Score

10^/10

redline 5hr infostealer

Malware Config

Extracted

Family

redline

Botnet

5hr

C2

167.235.233.35:16621

Attributes

auth_value
b321fb9762768a15049957e99160b383

Targets

- Target
  
  pureland.exe
- Size
  
  700.6MB
- MD5
  
  68640753e6d7039bc457b03a5b57fd39
- SHA1
  
  cfb3951c0d484c3e52054104979e7c024b178f87
- SHA256
  
  7ce78fb87ca8d2691f753907b64147f0de94b236b0e0fbaccf40f2ecbe15cb23
- SHA512
  
  1e5cdfe988b92cf90ac2f7aa1449dd830377023522feb3e2129bda2a73c2ac588408e24ade5a5301bc26b68bd20bdecaae5927fd097e12d686e2809d1d94158e
- SSDEEP
  
  12288:F6P7l6yr6BCInd92qFfZ0ElbvCJSPypmECG0H6aXYGkA:wIyr8CHElbvCJS6pmECGzaXYGV
Score

10^/10

redline 5hr infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline5hrinfostealer

behavioral2

redline5hrinfostealer