redline | 00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6 | Triage

Submit
Reports

Overview

overview

Static

static

1

00bb6358e0...c6.exe

windows7-x64

00bb6358e0...c6.exe

windows10-2004-x64

Sharing

General

Target

00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6.exe
Size

688KB
Sample

230518-qwaqyahh3w
MD5

7bd4712661150c741269655fffa840f2
SHA1

041bbe3383cdd57a7647e918cda230d23ae4cda7
SHA256

00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6
SHA512

2805706b811ddde80a8b34161cd13acf063eb2f07e59ab68c99f227fb8ba14c9351084ae5634df600a6163ed09469fe8f8e8fb73283883af602df89fc1e8f370
SSDEEP

12288:K2IGs8HzgsEyDjWWnbBArxfNXCuEHQZmcryznhD5+dGY:KEHZG9ncyAhDgl

Score

10^/10

redline whnt infostealer rezer0

Static task

static1

Behavioral task

behavioral1

Sample

00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6.exe

Resource

win7-20230220-en

redline whnt infostealer rezer0

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6.exe

Resource

win10v2004-20230220-en

redline whnt infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

whnt

C2

peusharner.xyz:80

Targets

- Target
  
  00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6.exe
- Size
  
  688KB
- MD5
  
  7bd4712661150c741269655fffa840f2
- SHA1
  
  041bbe3383cdd57a7647e918cda230d23ae4cda7
- SHA256
  
  00bb6358e0df84ccee85b3fbb8984f08a85d01363b472534c78b5234f90775c6
- SHA512
  
  2805706b811ddde80a8b34161cd13acf063eb2f07e59ab68c99f227fb8ba14c9351084ae5634df600a6163ed09469fe8f8e8fb73283883af602df89fc1e8f370
- SSDEEP
  
  12288:K2IGs8HzgsEyDjWWnbBArxfNXCuEHQZmcryznhD5+dGY:KEHZG9ncyAhDgl
Score

10^/10

redline whnt infostealer rezer0
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinewhntinfostealerrezer0

behavioral2

redlinewhntinfostealer

© 2018-2024

Terms | Privacy