redline | bf35616ee11dde75f4eb2ea1e9bbee1b1b8d888a11348a3bb86f7a41024f7dc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf35616ee11dde75f4eb2ea1e9bbee1b1b8d888a11348a3bb86f7a41024f7dc4
Size

1.6MB
Sample

230822-fe1wpaaa88
MD5

d86b737961f42936242727cc47621f78
SHA1

8a46d5c6bf1e931296ba01f9ae0fe5761663d0cf
SHA256

bf35616ee11dde75f4eb2ea1e9bbee1b1b8d888a11348a3bb86f7a41024f7dc4
SHA512

a7a465215f1158ba3cb2dbbbf56234af9e5c002149a82a730186b80c374aa9edd6ccc90a35af2171c616c4aa2a343dba03393026f51db0c835c582a6bc05b2b0
SSDEEP

12288:RJzhqm6pJw0xgvYOR8xjN9cDUtm5xpAvAk8vOITSrteJPzQ3rV/JG0CvuM0ZuQHC:ldbvYOaxjN9cDw1eOxrV/JGzl1417

Score

10^/10

redline site infostealer

Malware Config

Extracted

Family

redline

Botnet

SITE

C2

46.149.77.25:8599

Attributes

auth_value
97781681f494b724f8b14b49f5992a52

Targets

- Target
  
  bf35616ee11dde75f4eb2ea1e9bbee1b1b8d888a11348a3bb86f7a41024f7dc4
- Size
  
  1.6MB
- MD5
  
  d86b737961f42936242727cc47621f78
- SHA1
  
  8a46d5c6bf1e931296ba01f9ae0fe5761663d0cf
- SHA256
  
  bf35616ee11dde75f4eb2ea1e9bbee1b1b8d888a11348a3bb86f7a41024f7dc4
- SHA512
  
  a7a465215f1158ba3cb2dbbbf56234af9e5c002149a82a730186b80c374aa9edd6ccc90a35af2171c616c4aa2a343dba03393026f51db0c835c582a6bc05b2b0
- SSDEEP
  
  12288:RJzhqm6pJw0xgvYOR8xjN9cDUtm5xpAvAk8vOITSrteJPzQ3rV/JG0CvuM0ZuQHC:ldbvYOaxjN9cDw1eOxrV/JGzl1417
Score

10^/10

redline site infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesiteinfostealer

behavioral2

redlinesiteinfostealer