General

  • Target

    tmp

  • Size

    92KB

  • Sample

    230328-pddt7sce6x

  • MD5

    f0b2f2d5186ecb1df278892375e29171

  • SHA1

    f1e2e1365ad3463a5685bd6ab8eeb581f50dd0ee

  • SHA256

    03ac65cbbc897a705cfa15c74bba1adc773f88db724398db12d105d19ee8ee50

  • SHA512

    41fa116f39afd6f4e7fc7bad821c0ce9fe0db268dab18a9e83db6ec3fe6c83099bf14f80441f0bf87a4d5590782a1ba9908d6c576d8c56e224a8c096aae07c0d

  • SSDEEP

    1536:EjpxRYrm0MlPJFZyMzJdNHJGQ/l3pS+2ZyxDG/ONJctGVaIsWkBcd5ApB:EjF0M9bldNrpS+2ZyxDG//UVb58B

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • ps1.dropper

    https://cdn.discordapp.com/attachments/1089906964944920650/1090020680885600276/6456234.ps1

Extracted

  • Family

    redline

  • Botnet

    @pepsiiiks

  • C2

    37.220.87.13:48790

  • Attributes

    auth_value: fe64d38aa6dcc1910323ccf891188b46
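The extracted config above gives three usable indicators: the PowerShell dropper stage pulled from cdn.discordapp.com, the RedLine C2 endpoint 37.220.87.13:48790, and the payload hashes. The following Python script is an added example, not part of the sandbox report, showing how a responder would turn those indicators into detection logic and run it over endpoint telemetry. The telemetry lines, the Sysmon-like field names (image, dst_host, dst_ip, dst_port, sha256) and the list of script hosts are assumptions constructed for the example; only the URL, IP:port and hashes come from the report.

```python
"""Match endpoint telemetry against the IOCs extracted in the report above.

Added example; the event lines below are constructed, not sandbox output.
"""
import hashlib
import json
from urllib.parse import urlparse

# IOCs taken from the report.
DROPPER_URL = "https://cdn.discordapp.com/attachments/1089906964944920650/1090020680885600276/6456234.ps1"
C2_IP, C2_PORT = "37.220.87.13", 48790
REPORT_HASHES = {
    "md5": "f0b2f2d5186ecb1df278892375e29171",
    "sha1": "f1e2e1365ad3463a5685bd6ab8eeb581f50dd0ee",
    "sha256": "03ac65cbbc897a705cfa15c74bba1adc773f88db724398db12d105d19ee8ee50",
}

# Assumption: script hosts that should not normally pull files from a chat-platform CDN.
# Browsers are deliberately excluded so ordinary Discord use does not fire the rule.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DROPPER_HOST = urlparse(DROPPER_URL).hostname  # cdn.discordapp.com

# Constructed telemetry (assumed Sysmon-like field names), one JSON event per line.
SAMPLE_EVENTS = r"""
{"id": 1, "type": "network", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "dst_host": "cdn.discordapp.com", "dst_ip": "203.0.113.10", "dst_port": 443}
{"id": 2, "type": "network", "image": "C:\\Windows\\System32\\svchost.exe", "dst_host": "ctldl.windowsupdate.com", "dst_ip": "203.0.113.20", "dst_port": 80}
{"id": 3, "type": "network", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dst_host": "cdn.discordapp.com", "dst_ip": "203.0.113.10", "dst_port": 443}
{"id": 4, "type": "network", "image": "C:\\Users\\user\\AppData\\Local\\Temp\\tmp.exe", "dst_host": "", "dst_ip": "37.220.87.13", "dst_port": 48790}
{"id": 5, "type": "file", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\tmp.exe", "sha256": "03ac65cbbc897a705cfa15c74bba1adc773f88db724398db12d105d19ee8ee50"}
""".strip()


def basename(image: str) -> str:
    """Lower-cased file name of a Windows or POSIX image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the names of the report-derived rules this event trips (empty if none)."""
    hits = []
    if event.get("type") == "network":
        proc = basename(event.get("image", ""))
        # Stage 1: a script host fetching from the CDN that hosted the .ps1 dropper.
        if proc in SCRIPT_HOSTS and event.get("dst_host", "").lower() == DROPPER_HOST:
            hits.append("script_host_fetch_from_dropper_cdn")
        # Stage 2: any process talking to the extracted RedLine C2 (exact ip:port).
        if event.get("dst_ip") == C2_IP and int(event.get("dst_port", 0)) == C2_PORT:
            hits.append("redline_c2_connection")
    elif event.get("type") == "file":
        # Dropped payload matching the report's SHA256.
        if event.get("sha256", "").lower() == REPORT_HASHES["sha256"]:
            hits.append("redline_payload_hash")
    return hits


def scan(lines: str) -> dict[int, list[str]]:
    """Map event id -> rule hits for every event that matched at least one rule."""
    results = {}
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        hits = classify(event)
        if hits:
            results[event["id"]] = hits
    return results


def hashes_of(data: bytes) -> dict[str, str]:
    """Hash a candidate file the same ways the report lists, for direct comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every listed hash agrees; one mismatch means a different file."""
    return hashes_of(data) == REPORT_HASHES


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
    print("is report sample:", matches_report(b"not the sample"))
```

Run against the constructed events, event 1 (PowerShell reaching cdn.discordapp.com) and event 4 (tmp.exe to 37.220.87.13:48790) fire, event 5 matches the payload hash, and event 3 (a browser on the same CDN) stays quiet because the dropper rule is scoped to script hosts. The hash check compares all three listed digests rather than MD5 alone, so a collision on one algorithm cannot produce a false match.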

Targets

    • Target

      tmp

    • Size

      92KB

    • MD5

      f0b2f2d5186ecb1df278892375e29171

    • SHA1

      f1e2e1365ad3463a5685bd6ab8eeb581f50dd0ee

    • SHA256

      03ac65cbbc897a705cfa15c74bba1adc773f88db724398db12d105d19ee8ee50

    • SHA512

      41fa116f39afd6f4e7fc7bad821c0ce9fe0db268dab18a9e83db6ec3fe6c83099bf14f80441f0bf87a4d5590782a1ba9908d6c576d8c56e224a8c096aae07c0d

    • SSDEEP

      1536:EjpxRYrm0MlPJFZyMzJdNHJGQ/l3pS+2ZyxDG/ONJctGVaIsWkBcd5ApB:EjF0M9bldNrpS+2ZyxDG//UVb58B

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
