redline | ee070b928799ea62b822637010793ef0a269505fd8b21c71b4b07ec6450bfb3c | Triage

Sharing

General

Target

4.exe
Size

354KB
Sample

230422-zw13kagg45
MD5

896576e1f3019e99acfb4683cbc915bc
SHA1

0f20aa7d46ad6eed4a6b9f96fdd746d118ac7f8c
SHA256

ee070b928799ea62b822637010793ef0a269505fd8b21c71b4b07ec6450bfb3c
SHA512

b5cbaf3c1668e3d66b556c0adddb5037a085aa7279f9b7b1b15bbb85026e261734a188d6ae303532135012ce0c8a39296760da5fe93066acdd297484cca20ba6
SSDEEP

6144:ATLeCw46m6vHuvp1U3EJAOcAZNSGleA/smc1FTUyrkoegYBvra5/:2SCw5UjJKgBEpje1a5

Score

10^/10

redline pub4 infostealer

Malware Config

Extracted

Family

redline

Botnet

pub4

C2

89.22.231.25:45245

Attributes

auth_value
0da82ae70515a79fe7ddf40ce11d2c47

Targets

- Target
  
  4.exe
- Size
  
  354KB
- MD5
  
  896576e1f3019e99acfb4683cbc915bc
- SHA1
  
  0f20aa7d46ad6eed4a6b9f96fdd746d118ac7f8c
- SHA256
  
  ee070b928799ea62b822637010793ef0a269505fd8b21c71b4b07ec6450bfb3c
- SHA512
  
  b5cbaf3c1668e3d66b556c0adddb5037a085aa7279f9b7b1b15bbb85026e261734a188d6ae303532135012ce0c8a39296760da5fe93066acdd297484cca20ba6
- SSDEEP
  
  6144:ATLeCw46m6vHuvp1U3EJAOcAZNSGleA/smc1FTUyrkoegYBvra5/:2SCw5UjJKgBEpje1a5
Score

10^/10

redline pub4 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub4infostealer

behavioral2

redlinepub4infostealer