redline | hxxps://mediafire[.]com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D[.]rar/file | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://mediafire.co...

windows10-2004-x64

Sharing

General

Target

https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file
Sample

230401-xjcs4abh47

Score

10^/10

redline @dxrkl0rd infostealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file

Resource

win10v2004-20230220-en

redline @dxrkl0rd infostealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@dxrkl0rd

C2

5.206.224.176:46989

Attributes

auth_value
9750c50e8073b21d538cfb6d993427dc

Targets

- Target
  
  https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file
Score

10^/10

redline @dxrkl0rd infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

urlscan1

behavioral1

redline@dxrkl0rdinfostealer

© 2018-2024

Terms | Privacy