redline | 8bb08b19068f3c8b97454ff72b8624ed58fe884387fcf30356dc5a0153a008fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

redline_extracted.exe
Size

59KB
Sample

230313-fbnf7age73
MD5

f66cead6f614e129a93a3f2aee342165
SHA1

e52b3cd013b08d353abe738f2f2a8e50d36725c1
SHA256

8bb08b19068f3c8b97454ff72b8624ed58fe884387fcf30356dc5a0153a008fb
SHA512

bb4607c5c760a2a78e666d36410b2243409a3982461d30b416ed5b6f9750904d4a4bfc505f88be2a58802a3bddf0c5d6d99e2063d55bbc22b51e32d89c074cf9
SSDEEP

1536:lvXJXvB5sx6dfAx9i4Sn5kdBvQ+DzbgKbckKC:kEix9iAdBI+sKbcK

Score

10^/10

redline media infostealer

Malware Config

Extracted

Family

redline

Botnet

Media

C2

199.115.193.171:48258

Attributes

auth_value
82789a7b2857c80849a911b56defecb0

Targets

- Target
  
  redline_extracted.exe
- Size
  
  59KB
- MD5
  
  f66cead6f614e129a93a3f2aee342165
- SHA1
  
  e52b3cd013b08d353abe738f2f2a8e50d36725c1
- SHA256
  
  8bb08b19068f3c8b97454ff72b8624ed58fe884387fcf30356dc5a0153a008fb
- SHA512
  
  bb4607c5c760a2a78e666d36410b2243409a3982461d30b416ed5b6f9750904d4a4bfc505f88be2a58802a3bddf0c5d6d99e2063d55bbc22b51e32d89c074cf9
- SSDEEP
  
  1536:lvXJXvB5sx6dfAx9i4Sn5kdBvQ+DzbgKbckKC:kEix9iAdBI+sKbcK
Score

10^/10

redline media infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemediainfostealer

behavioral2