redline | 10df04c2c19b07effef5a2b118ec099e6fb9d98a10e98ae2b6945fa4004dd444 | Triage

Submit
Reports

Overview

overview

Static

static

1

255cb2aeea...a7.exe

windows7-x64

255cb2aeea...a7.exe

windows10-2004-x64

Sharing

General

Target

9f390e9ca00464a6f7e1ce321baceb22.bin
Size

13.2MB
Sample

230423-ca3b6sbg7t
MD5

03c0597e81e58bdf1e0dc7c181798052
SHA1

ded04185db926672b2efc03dc4029ff72b87be52
SHA256

10df04c2c19b07effef5a2b118ec099e6fb9d98a10e98ae2b6945fa4004dd444
SHA512

ba74296677bacc942d751f09a308b2710942806aa6ebbeb7d46855201cd0c19b87b2dc7d92b789734a4793a0453b06e4482751d8944533c8b9f4cc8936b29325
SSDEEP

196608:VwnulVi7y1kWz3Jr9MCg5N9zOfUhoQFuFnglllfNMHYRxILVMSI/R84h:+u++DLJry7N9KfUqQ8FgnlfN825h

Score

10^/10

redline 5350206221 infostealer upx

Static task

static1

Behavioral task

behavioral1

Sample

255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe

Resource

win7-20230220-en

redline 5350206221 infostealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe

Resource

win10v2004-20230220-en

redline 5350206221 infostealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

5350206221

C2

195.20.17.139:80

Attributes

auth_value
cf75908d75b4508135a38c8679c86f6e

Targets

- Target
  
  255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe
- Size
  
  13.5MB
- MD5
  
  9f390e9ca00464a6f7e1ce321baceb22
- SHA1
  
  d5d813e0bad5c64cd95b23919eba1432778b7965
- SHA256
  
  255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7
- SHA512
  
  54b958487f40537c80374acb37d0cec27bb169fc5549768fb05a161de1a10546cea7c6be1d59df5fb615ed8285f0bf03f33203a1ec0a28fcc6694497e6a6ee2f
- SSDEEP
  
  393216:M1xsX4B8eD3F+oI9KtC9I5cfZLxsaZf4nT70mrsMYd:M1GI9FQmOfZLSP0Qc
Score

10^/10

redline 5350206221 infostealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline5350206221infostealerupx

behavioral2

redline5350206221infostealerupx

© 2018-2024

Terms | Privacy